[Bug 963283] [NEW] [Precise] FreeType is vulnerable to CVE-2012-1126 through CVE-2012-1144

Tyler Hicks tyhicks at canonical.com
Fri Mar 23 17:05:02 UTC 2012


*** This bug is a security vulnerability ***

Private security bug reported:

Precise, along with Debian unstable and testing, currently use freetype
version 2.4.8-1. Upstream FreeType recently released version 2.4.9,
which addressed many security issues:

http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view

There have also been a few upstream commits, since the 2.4.9 release,
that made improvements and/or corrections to the changes in 2.4.9.

I've addressed these issues in our stable releases, but Precise is still
in need of an update. I will attach a debdiff of the fixes backported to
2.4.8-1.

** Affects: freetype (Ubuntu)
     Importance: Medium
         Status: Triaged

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1126

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1127

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1128

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1129

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1130

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1131

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1132

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1133

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1134

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1135

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1136

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1137

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1138

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1139

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1140

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1141

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1142

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1143

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1144

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/963283

Title:
  [Precise] FreeType is vulnerable to CVE-2012-1126 through
  CVE-2012-1144

Status in “freetype” package in Ubuntu:
  Triaged

Bug description:
  Precise, along with Debian unstable and testing, currently use
  freetype version 2.4.8-1. Upstream FreeType recently released version
  2.4.9, which addressed many security issues:

  http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view

  There have also been a few upstream commits, since the 2.4.9 release,
  that made improvements and/or corrections to the changes in 2.4.9.

  I've addressed these issues in our stable releases, but Precise is
  still in need of an update. I will attach a debdiff of the fixes
  backported to 2.4.8-1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/963283/+subscriptions




More information about the foundations-bugs mailing list