[ubuntu/oneiric-security] freetype 2.4.4-2ubuntu1.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Fri Nov 18 04:03:27 UTC 2011 

freetype (2.4.4-2ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439

Date: Thu, 17 Nov 2011 13:58:36 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/freetype/2.4.4-2ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Nov 2011 13:58:36 -0600
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.4.4-2ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes: 
 freetype (2.4.4-2ubuntu1.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
     - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
       in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
       src/truetype/ttgxvar.c. Based on upstream patch.
     - CVE-2011-3256
   * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
     - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
       PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
     - CVE-2011-3439
Checksums-Sha1: 
 f420806188d076383fb5d946758829feb50cbcee 1979 freetype_2.4.4-2ubuntu1.1.dsc
 9c7c158b6152edeb68a6c7918fbcde49ad684bb3 37592 freetype_2.4.4-2ubuntu1.1.diff.gz
Checksums-Sha256: 
 b0f5eb5dd21e55e7a5f6e5d05f6775b75931a48d770e491455a8573418d62b04 1979 freetype_2.4.4-2ubuntu1.1.dsc
 02f6ae08f9fe553cd27fa44f3c78b2005fccf69f6efcd8fbcfc7a51104faa687 37592 freetype_2.4.4-2ubuntu1.1.diff.gz
Files: 
 fa5cd4ce0da3820d3a73e65fb52ca246 1979 libs optional freetype_2.4.4-2ubuntu1.1.dsc
 5121c249d49579d3d27fa888899529ec 37592 libs optional freetype_2.4.4-2ubuntu1.1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>

More information about the Oneiric-changes mailing list