[ubuntu/lucid-security] freetype, freetype (delayed) 2.3.11-1ubuntu2.2 (Accepted)

Tue Aug 17 18:03:31 BST 2010

freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.

Date: Fri, 13 Aug 2010 08:26:33 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/freetype/2.3.11-1ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Fri, 13 Aug 2010 08:26:33 -0400
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.3.11-1ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Launchpad-Bugs-Fixed: 617019 617019 617019 617019 617019 617019 617019
Changes: 
 freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
     in CFF Type2 CharStrings interpreter (LP: #617019)
     - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
       in src/cff/cffgload.c.
     - CVE-2010-1797
   * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
     in the ftmulti demo program (LP: #617019)
     - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
       sizes in src/ftmulti.c.
     - CVE-2010-2541
   * SECURITY UPDATE: possible arbitrary code execution via improper bounds
     checking (LP: #617019)
     - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
       src/base/ftstream.c.
     - CVE-2010-2805
   * SECURITY UPDATE: possible arbitrary code execution via improper bounds
     checking (LP: #617019)
     - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
       src/type42/t42parse.c.
     - CVE-2010-2806
   * SECURITY UPDATE: possible arbitrary code execution via improper type
     comparisons (LP: #617019)
     - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
       checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
     - CVE-2010-2807
   * SECURITY UPDATE: possible arbitrary code execution via memory
     corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
     - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
       src/base/ftobjs.c.
     - CVE-2010-2808
   * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
     - debian/patches-freetype/bug30135.patch: don't modify value in static
       string in src/bdf/bdflib.c.
Checksums-Sha1: 
 a92a17ff1013d1fbba116275059d0398b5b5c577 1313 freetype_2.3.11-1ubuntu2.2.dsc
 b28ba9f2396e3b564ea3e0fadf3d47e6c2ce11be 41646 freetype_2.3.11-1ubuntu2.2.diff.gz
Checksums-Sha256: 
 52027c94a457477c70a6c087e97f38afcf33008b3b3dd08c3ea746b7125b8abd 1313 freetype_2.3.11-1ubuntu2.2.dsc
 2596355a23e440541429bd85024d04cc1c72131ad3080390543985f5a60898c6 41646 freetype_2.3.11-1ubuntu2.2.diff.gz
Files: 
 b7b625334a0d9c926bf34cc83dcc904c 1313 libs optional freetype_2.3.11-1ubuntu2.2.dsc
 9b97425327300eda74c492034fed50ad 41646 libs optional freetype_2.3.11-1ubuntu2.2.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>