[ubuntu/natty-security] freetype 2.4.4-1ubuntu2.2 (Accepted)

Tyler Hicks tyhicks at canonical.com
Fri Nov 18 04:03:36 UTC 2011 

freetype (2.4.4-1ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439

Date: Thu, 17 Nov 2011 13:58:59 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/freetype/2.4.4-1ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Nov 2011 13:58:59 -0600
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.4.4-1ubuntu2.2
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes: 
 freetype (2.4.4-1ubuntu2.2) natty-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
     - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
       in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
       src/truetype/ttgxvar.c. Based on upstream patch.
     - CVE-2011-3256
   * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
     - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
       PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
     - CVE-2011-3439
Checksums-Sha1: 
 4e3cdcdf313b5713d945d22f0fc1439a077d75fe 1986 freetype_2.4.4-1ubuntu2.2.dsc
 99b7ee81f8e49e4620afae8262a4512b64f36609 37515 freetype_2.4.4-1ubuntu2.2.diff.gz
Checksums-Sha256: 
 4cd21e1bd1dcf23914480532161c953dba3883e3aae2bf521618082a5677ea71 1986 freetype_2.4.4-1ubuntu2.2.dsc
 db95b81b72039f4a1e8ee5470ba5f0146348310df377fd60936b4faf7c1a7613 37515 freetype_2.4.4-1ubuntu2.2.diff.gz
Files: 
 f7e4de112f84b36e16078e96c536c99d 1986 libs optional freetype_2.4.4-1ubuntu2.2.dsc
 bb2b3a85db3d9d145b0346f4347b8cbd 37515 libs optional freetype_2.4.4-1ubuntu2.2.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

More information about the Natty-changes mailing list