[ubuntu/dapper-security] freetype, freetype (delayed) 2.1.10-1ubuntu2.7 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Jul 20 10:04:08 BST 2010
freetype (2.1.10-1ubuntu2.7) dapper-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/412-CVE-2010-2498.patch: validate number of points in
src/pshinter/pshalgo.c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/413-CVE-2010-2499.patch: check positions and return
code in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/414-CVE-2010-2500.patch: switch to unsigned in
src/smooth/ftgrays.c, check signed width and height in
src/smooth/ftsmooth.c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/415-CVE-2010-2519.patch: correctly calculate length in
src/base/ftobjs.c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/416-CVE-2010-2520.patch: perform bounds checking in
src/truetype/ttinterp.c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/417-CVE-2010-2527.patch: change buffer sizes in
src/{ftmulti,ftstring,ftview}.c.
- CVE-2010-2527
Date: Thu, 15 Jul 2010 13:00:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Will Newton <will at debian.org>
https://launchpad.net/ubuntu/dapper/+source/freetype/2.1.10-1ubuntu2.7
-------------- next part --------------
Format: 1.7
Date: Thu, 15 Jul 2010 13:00:49 -0400
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source
Version: 2.1.10-1ubuntu2.7
Distribution: dapper-security
Urgency: low
Maintainer: Will Newton <will at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer
Changes:
freetype (2.1.10-1ubuntu2.7) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/412-CVE-2010-2498.patch: validate number of points in
src/pshinter/pshalgo.c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/413-CVE-2010-2499.patch: check positions and return
code in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/414-CVE-2010-2500.patch: switch to unsigned in
src/smooth/ftgrays.c, check signed width and height in
src/smooth/ftsmooth.c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/415-CVE-2010-2519.patch: correctly calculate length in
src/base/ftobjs.c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/416-CVE-2010-2520.patch: perform bounds checking in
src/truetype/ttinterp.c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/417-CVE-2010-2527.patch: change buffer sizes in
src/{ftmulti,ftstring,ftview}.c.
- CVE-2010-2527
Files:
4f1ab392b150b45f00d7084a2fda2e3f 719 libs optional freetype_2.1.10-1ubuntu2.7.dsc
53a1e74f47f7370e6cedfd49ef33f82a 66378 libs optional freetype_2.1.10-1ubuntu2.7.diff.gz
More information about the dapper-changes
mailing list