[Bug 963283] [NEW] [Precise] FreeType is vulnerable to CVE-2012-1126 through CVE-2012-1144
Tyler Hicks
tyhicks at canonical.com
Fri Mar 23 17:05:02 UTC 2012
*** This bug is a security vulnerability ***
Private security bug reported:
Precise, along with Debian unstable and testing, currently uses freetype
version 2.4.8-1. Upstream FreeType recently released version 2.4.9,
which addressed many security issues:
http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
There have also been a few upstream commits, since the 2.4.9 release,
that made improvements and/or corrections to the changes in 2.4.9.
I've addressed these issues in our stable releases, but Precise is still
in need of an update. I will attach a debdiff of the fixes backported to
2.4.8-1.
** Affects: freetype (Ubuntu)
Importance: Medium
Status: Triaged
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1126
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1127
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1128
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1129
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1130
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1131
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1132
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1133
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1134
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1135
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1136
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1137
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1138
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1139
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1140
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1141
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1142
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1143
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1144
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/963283