[Bug 963283]
Tyler Hicks
tyhicks at canonical.com
Fri Mar 23 18:14:55 UTC 2012
On 2012-03-23 17:52:04, Steve Langasek wrote:
> Please note that there are regressions wrt ghostscript with freetype
> 2.4.9; these may be intertwined with the security patches, I haven't
> looked yet.
They are intertwined with the security patches, but the attached debdiff
already accounts for them.
> https://savannah.nongnu.org/bugs/index.php?35847
> https://savannah.nongnu.org/bugs/index.php?35833
Fixes for both of these bugs are included, along with the original
CVE-2012-1132 fix, in CVE-2012-1132.patch.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/963283
Title:
[Precise] FreeType is vulnerable to CVE-2012-1126 through
CVE-2012-1144
Status in “freetype” package in Ubuntu:
Confirmed
Bug description:
Precise, along with Debian unstable and testing, currently uses
freetype version 2.4.8-1. Upstream FreeType recently released version
2.4.9, which addressed many security issues:
http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
There have also been a few upstream commits, since the 2.4.9 release,
that made improvements and/or corrections to the changes in 2.4.9.
I've addressed these issues in our stable releases, but Precise is
still in need of an update. I will attach a debdiff of the fixes
backported to 2.4.8-1.
The Ubuntu CVE Tracker has links to the related bugs and patches:
http://people.canonical.com/~ubuntu-security/cve/pkg/freetype.html