[ubuntu/hardy-security] freetype 2.3.5-1ubuntu4.8.04.7 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Fri Nov 18 04:04:03 UTC 2011
freetype (2.3.5-1ubuntu4.8.04.7) hardy-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
- debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
src/truetype/ttgxvar.c. Based on upstream patch.
- CVE-2011-3256
* SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
- debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
- CVE-2011-3439
Date: Thu, 17 Nov 2011 13:59:42 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/freetype/2.3.5-1ubuntu4.8.04.7
-------------- next part --------------
Format: 1.7
Date: Thu, 17 Nov 2011 13:59:42 -0600
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.3.5-1ubuntu4.8.04.7
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer
Changes:
freetype (2.3.5-1ubuntu4.8.04.7) hardy-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
- debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
src/truetype/ttgxvar.c. Based on upstream patch.
- CVE-2011-3256
* SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
- debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
- CVE-2011-3439
Files:
02add62e2e3f5006de59096c8c7ad53c 1542 libs optional freetype_2.3.5-1ubuntu4.8.04.7.dsc
0a50d7d4b435ccf5dc29f3fcda904595 43838 libs optional freetype_2.3.5-1ubuntu4.8.04.7.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Hardy-changes
mailing list