[ubuntu/lucid-security] freetype 2.3.11-1ubuntu2.6 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Fri Mar 23 03:33:41 UTC 2012
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
Date: Wed, 21 Mar 2012 19:57:51 -0500
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/freetype/2.3.11-1ubuntu2.6
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Mar 2012 19:57:51 -0500
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.3.11-1ubuntu2.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low
.
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
Checksums-Sha1:
f33c6252bee6c90f0f1c7a5c82ac1c82b391888d 1953 freetype_2.3.11-1ubuntu2.6.dsc
12499f44728693b13c3896f464c67e74dcd03994 51582 freetype_2.3.11-1ubuntu2.6.diff.gz
Checksums-Sha256:
f4e94df4a5d752ecfee47acd83d8d10fcf5e548b9695f9cf04c460afe2b02d78 1953 freetype_2.3.11-1ubuntu2.6.dsc
6e79de573f9367b5ecc436893ba2fa60b5518ef5a6cf026d3311d715f2c75588 51582 freetype_2.3.11-1ubuntu2.6.diff.gz
Files:
780a8ea1202fb1bf76cca51a6521002c 1953 libs optional freetype_2.3.11-1ubuntu2.6.dsc
7caec0217e3fe4aa61eaa42ac2e0bf59 51582 libs optional freetype_2.3.11-1ubuntu2.6.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Lucid-changes
mailing list