[ubuntu/hardy-security] freetype 2.3.5-1ubuntu4.8.04.7 (Accepted)

Tyler Hicks tyhicks at canonical.com
Fri Nov 18 04:04:03 UTC 2011 

freetype (2.3.5-1ubuntu4.8.04.7) hardy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439

Date: Thu, 17 Nov 2011 13:59:42 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/freetype/2.3.5-1ubuntu4.8.04.7
-------------- next part --------------
Format: 1.7
Date: Thu, 17 Nov 2011 13:59:42 -0600
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.3.5-1ubuntu4.8.04.7
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer
Changes: 
 freetype (2.3.5-1ubuntu4.8.04.7) hardy-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
     - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
       in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
       src/truetype/ttgxvar.c. Based on upstream patch.
     - CVE-2011-3256
   * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
     - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
       PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
     - CVE-2011-3439
Files: 
 02add62e2e3f5006de59096c8c7ad53c 1542 libs optional freetype_2.3.5-1ubuntu4.8.04.7.dsc
 0a50d7d4b435ccf5dc29f3fcda904595 43838 libs optional freetype_2.3.5-1ubuntu4.8.04.7.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

More information about the Hardy-changes mailing list