[Bug 963283] Re: [Precise] FreeType is vulnerable to CVE-2012-1126 through CVE-2012-1144

[Jamie Strandboge]

Unsubscribing ubuntu-security-sponsors now that it is uploaded.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/963283

Title:
  [Precise] FreeType is vulnerable to CVE-2012-1126 through
  CVE-2012-1144

Status in “freetype” package in Ubuntu:
  Fix Committed

Bug description:
  Precise, along with Debian unstable and testing, currently use
  freetype version 2.4.8-1. Upstream FreeType recently released version
  2.4.9, which addressed many security issues:

  http://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view

  There have also been a few upstream commits, since the 2.4.9 release,
  that made improvements and/or corrections to the changes in 2.4.9.

  I've addressed these issues in our stable releases, but Precise is
  still in need of an update. I will attach a debdiff of the fixes
  backported to 2.4.8-1.

  The Ubuntu CVE Tracker has links to the related bugs and patches:

  http://people.canonical.com/~ubuntu-security/cve/pkg/freetype.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/963283/+subscriptions