Ubuntu
freetype package

Sync freetype 2.4.8-1 (main) from Debian unstable (main)

Bug #892277 reported by Tyler Hicks
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freetype (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync freetype 2.4.8-1 (main) from Debian unstable (main)

FreeType 2.4.8 fixes an arbitrary code execution vulnerability when
loading specially crafted CID-keyed PostScript font files.

FreeType 2.4.8 is primarily a security release:

http://freetype.sourceforge.net/index2.html#release-freetype-2.4.8

Changelog entries since current precise version 2.4.7-2:

freetype (2.4.8-1) unstable; urgency=high

  * New upstream release
    - upstream fix for CVE-2011-3439. Closes: #649122.
    - adjust libfreetype6.symbols for a newly-exported function.

 -- Steve Langasek <email address hidden> Thu, 17 Nov 2011 22:28:14 +0000

Tyler Hicks (tyhicks)
Changed in freetype (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

2011-11-18 19:23:40 INFO Creating lockfile: /var/lock/launchpad-sync-source.lock
[Updating] freetype (2.4.7-2 [Ubuntu] < 2.4.8-1 [Debian])
 * Trying to add freetype...
2011-11-18 19:24:01 INFO - <freetype_2.4.8.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
2011-11-18 19:24:03 INFO - <freetype_2.4.8-1.dsc: downloading from http://ftp.debian.org/debian/>
2011-11-18 19:24:03 INFO - <freetype_2.4.8-1.diff.gz: downloading from http://ftp.debian.org/debian/>
2011-11-18 19:24:04 DEBUG Removing lock file: /var/lock/launchpad-sync-source.lock
I: freetype [main] -> libfreetype6_2.4.7-2 [main].
I: freetype [main] -> libfreetype6-dev_2.4.7-2 [main].
I: freetype [main] -> freetype2-demos_2.4.7-2 [universe].
I: freetype [main] -> libfreetype6-udeb_2.4.7-2 [main].

Changed in freetype (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.