Change log for freetype package in Ubuntu

Published in artful-release on 2017-07-29
Deleted in artful-proposed (Reason: moved to release)
freetype (2.8-0.2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
  * Drop fixes included in this release
    - fix CVE-2016-10328
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

 -- Gianfranco Costamagna <email address hidden>  Tue, 04 Jul 2017 08:13:24 +0200
Published in precise-updates on 2017-05-16
Published in precise-security on 2017-05-16
freetype (2.4.8-1ubuntu2.6) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Emily Ratliff <email address hidden>  Mon, 15 May 2017 20:31:15 -0500
Published in trusty-updates on 2017-05-09
Published in trusty-security on 2017-05-09
freetype (2.5.2-1ubuntu2.8) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:57:17 -0400

Published in xenial-updates on 2017-05-09
Published in xenial-security on 2017-05-09
freetype (2.6.1-0.1ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:56:21 -0400
Published in yakkety-updates on 2017-05-09
Published in yakkety-security on 2017-05-09
freetype (2.6.3-3ubuntu1.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:55:16 -0400
Published in zesty-updates on 2017-05-09
Published in zesty-security on 2017-05-09
freetype (2.6.3-3ubuntu2.2) zesty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

 -- Marc Deslauriers <email address hidden>  Thu, 04 May 2017 11:48:34 -0400
Superseded in artful-release on 2017-07-29
Deleted in artful-proposed on 2017-07-30 (Reason: moved to release)
freetype (2.6.3-3.2ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)
    - fix CVE-2016-10328

 -- Gianfranco Costamagna <email address hidden>  Sun, 30 Apr 2017 11:43:07 +0200
Superseded in artful-release on 2017-05-03
Deleted in artful-proposed on 2017-05-04 (Reason: moved to release)
freetype (2.6.3-3.1ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)
    - fix CVE-2016-10328
  * Drop fix for CVE-2016-10244: fixed in previous Debian upload.

 -- Gianfranco Costamagna <email address hidden>  Sat, 29 Apr 2017 15:50:16 +0200
Superseded in artful-release on 2017-04-29
Deleted in artful-proposed on 2017-05-10 (Reason: moved to release)
Superseded in zesty-updates on 2017-05-09
Superseded in zesty-security on 2017-05-09
freetype (2.6.3-3ubuntu2.1) zesty-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 23:17:25 -0700
Superseded in yakkety-updates on 2017-05-09
Superseded in yakkety-security on 2017-05-09
freetype (2.6.3-3ubuntu1.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 17:31:59 -0700
Superseded in xenial-updates on 2017-05-09
Superseded in xenial-security on 2017-05-09
freetype (2.6.1-0.1ubuntu2.2) xenial-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 17:29:18 -0700
Superseded in trusty-updates on 2017-05-09
Superseded in trusty-security on 2017-05-09
freetype (2.5.2-1ubuntu2.7) trusty-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Wed, 19 Apr 2017 09:24:10 -0700
Superseded in precise-updates on 2017-05-16
Superseded in precise-security on 2017-05-16
freetype (2.4.8-1ubuntu2.5) precise-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

 -- Steve Beattie <email address hidden>  Tue, 18 Apr 2017 14:35:42 -0700
Superseded in precise-updates on 2017-04-21
Superseded in precise-security on 2017-04-21
freetype (2.4.8-1ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:42:14 -0400
Superseded in trusty-updates on 2017-04-21
Superseded in trusty-security on 2017-04-21
freetype (2.5.2-1ubuntu2.6) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:39:54 -0400
Superseded in yakkety-updates on 2017-04-21
Superseded in yakkety-security on 2017-04-21
freetype (2.6.3-3ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:00:06 -0400
Superseded in xenial-updates on 2017-04-21
Superseded in xenial-security on 2017-04-21
freetype (2.6.1-0.1ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:38:15 -0400
Superseded in artful-release on 2017-04-22
Published in zesty-release on 2017-03-17
Deleted in zesty-proposed (Reason: moved to release)
freetype (2.6.3-3ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

 -- Marc Deslauriers <email address hidden>  Thu, 16 Mar 2017 13:00:06 -0400

Superseded in zesty-release on 2017-03-17
Published in yakkety-release on 2016-04-28
Deleted in yakkety-proposed (Reason: moved to release)
freetype (2.6.3-3ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
    - debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
      fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
      most zh_CN glyphs and probably others). (LP: #1559933)

Superseded in yakkety-release on 2016-04-28
Deleted in yakkety-proposed on 2016-04-30 (Reason: moved to release)
freetype (2.6.1-0.1ubuntu3) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:06:12 +0000
Superseded in yakkety-release on 2016-04-23
Published in xenial-release on 2016-04-15
Deleted in xenial-proposed (Reason: moved to release)
freetype (2.6.1-0.1ubuntu2) xenial; urgency=medium

  * debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
    fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
    most zh_CN glyphs and probably others). (LP: #1559933)

 -- Mathieu Trudel-Lapierre <email address hidden>  Fri, 15 Apr 2016 14:53:27 -0400
Superseded in xenial-release on 2016-04-15
Deleted in xenial-proposed on 2016-04-17 (Reason: moved to release)
freetype (2.6.1-0.1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/freetype/config headers into the multiarch
      include path and provide symlinks in /usr/include.
  * Dropped patches, included upstream:
    - debian/patches-freetype/multi-thread-violations.patch
    - debian/patches-freetype/savannah-bug-41309.patch
    - debian/patches-freetype/savannah-bug-41590.patch
  * debian/patches-freetype/revert_scalable_fonts_metric.patch: dropped,
    can no longer reproduce the issue originally reported in precise, and
    upstream doesn't think this is an appropriate fix.

Superseded in xenial-release on 2016-02-17
Published in wily-release on 2015-09-11
Deleted in wily-proposed (Reason: moved to release)
freetype (2.5.2-4ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:05:53 -0400

Superseded in trusty-updates on 2017-03-20
Superseded in trusty-security on 2017-03-20
freetype (2.5.2-1ubuntu2.5) trusty-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:09:04 -0400
Superseded in precise-updates on 2017-03-20
Superseded in precise-security on 2017-03-20
freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:10:41 -0400
Published in vivid-updates on 2015-09-10
Published in vivid-security on 2015-09-10
freetype (2.5.2-2ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 10 Sep 2015 07:07:57 -0400
Superseded in wily-release on 2015-09-11
Deleted in wily-proposed on 2015-09-12 (Reason: moved to release)
freetype (2.5.2-4ubuntu1) wily; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include path
      and provide symlinks in /usr/include.
    - debian/patches-freetype/multi-thread-violations.patch: fix
      multithread violations
  * Dropped changes, included in Debian:
    - debian/patches-freetype/CVE-2014-96xx/*
  * debian/patches-freetype/savannah-bug-41309.patch: fix use of
    uninitialized data. (LP: #1449225)

Superseded in wily-release on 2015-05-23
Published in vivid-release on 2015-02-26
Deleted in vivid-proposed (Reason: moved to release)
freetype (2.5.2-2ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675
 -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 11:28:03 -0500

Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
freetype (2.3.11-1ubuntu2.8) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675
 -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 11:22:14 -0500
Superseded in precise-updates on 2015-09-10
Superseded in precise-security on 2015-09-10
freetype (2.4.8-1ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675
 -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 10:35:56 -0500
Superseded in trusty-updates on 2015-09-10
Superseded in trusty-security on 2015-09-10
freetype (2.5.2-1ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675
 -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 09:06:36 -0500
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
freetype (2.5.2-2ubuntu1.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675
 -- Marc Deslauriers <email address hidden>   Tue, 24 Feb 2015 08:41:04 -0500
Superseded in trusty-updates on 2015-02-24
Deleted in trusty-proposed on 2015-02-26 (Reason: moved to -updates)
freetype (2.5.2-1ubuntu2.3) trusty; urgency=medium

  * Added patchset to fix multithread violations, LP: #1199571
    - debian/patches-freetype/multi-thread-violations.patch
 -- Marco Trevisan (Trevino) <email address hidden>   Fri, 23 Jan 2015 03:38:04 +0100
Superseded in vivid-release on 2015-02-26
Deleted in vivid-proposed on 2015-02-27 (Reason: moved to release)
freetype (2.5.2-2ubuntu2) vivid; urgency=medium

  * Added patchset to fix multithread violations, LP: #1199571
    - debian/patches-freetype/multi-thread-violations.patch
 -- Marco Trevisan (Trevino) <email address hidden>   Fri, 23 Jan 2015 03:23:18 +0100

Superseded in vivid-release on 2015-02-03
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
freetype (2.5.2-2ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Make libfreetype6-dev M-A: same.
    - Error out on the use of the freetype-config --libtool option.
    - Don't add multiarch libdirs for freetype-config --libs.
    - Install the freetype2/config headers into the multiarch include path
      and provide symlinks in /usr/include.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
      upstream patch to fix a double free.
    - debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
      upstream patch to fix cjk font rendering issue.

Superseded in utopic-release on 2014-09-19
Deleted in utopic-proposed on 2014-09-21 (Reason: moved to release)
freetype (2.5.2-1ubuntu5) utopic; urgency=medium

  * Make libfreetype6-dev M-A: same.
  * Error out on the use of the freetype-config --libtool option.
  * Don't add multiarch libdirs for freetype-config --libs.
  * Install the freetype2/config headers into the multiarch include path
    and provide symlinks in /usr/include.
 -- Matthias Klose <email address hidden>   Wed, 18 Jun 2014 22:40:19 +0200
Superseded in utopic-release on 2014-06-19
Deleted in utopic-proposed on 2014-06-20 (Reason: moved to release)
freetype (2.5.2-1ubuntu4) utopic; urgency=medium

  * debian/patches-freetype/0002-Fix-Savannah-bug-42418.patch: Cherry-pick
    upstream patch to fix cjk font rendering issue. (LP: #1310017)
 -- Jinkyu Yi <email address hidden>   Mon, 05 May 2014 23:26:37 +0900

Superseded in trusty-updates on 2015-02-16
Deleted in trusty-proposed on 2015-02-17 (Reason: moved to -updates)
freetype (2.5.2-1ubuntu2.2) trusty; urgency=medium

  * Fix incorrect Korean Fonts rendering. (LP: #1310017)
    - debian/patches-freetype/fix-incorrect-korean-fonts-rendering.patch
 -- Jinkyu Yi <email address hidden>   Sun, 27 Apr 2014 22:05:39 +0900
Superseded in trusty-updates on 2014-06-02
Deleted in trusty-proposed on 2014-06-03 (Reason: moved to -updates)
freetype (2.5.2-1ubuntu2.1) trusty; urgency=medium

  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. (LP: #1310728)
 -- Iain Lane <email address hidden>   Thu, 01 May 2014 12:53:39 +0100
Superseded in utopic-release on 2014-05-10
Deleted in utopic-proposed on 2014-05-11 (Reason: moved to release)
freetype (2.5.2-1ubuntu3) utopic; urgency=medium

  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. (LP: #1310728)
 -- Iain Lane <email address hidden>   Thu, 01 May 2014 12:53:39 +0100

Superseded in utopic-release on 2014-05-01
Published in trusty-release on 2014-03-13
Deleted in trusty-proposed (Reason: moved to release)
freetype (2.5.2-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution in
    CFF rasterizer
    - debian/patches/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - CVE-2014-2240
  * SECURITY UPDATE: denial of service in CFF rasterizer
    - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - CVE-2014-2241
 -- Marc Deslauriers <email address hidden>   Thu, 13 Mar 2014 12:47:17 -0400

Obsolete in saucy-updates on 2015-04-24
Obsolete in saucy-security on 2015-04-24
freetype (2.4.12-0ubuntu1.1) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution in
    CFF rasterizer
    - debian/patches-freetype/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - CVE-2014-2240
  * SECURITY UPDATE: denial of service in CFF rasterizer
    - debian/patches-freetype/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - CVE-2014-2241
 -- Marc Deslauriers <email address hidden>   Thu, 13 Mar 2014 12:52:16 -0400
Superseded in trusty-release on 2014-03-13
Deleted in trusty-proposed on 2014-03-15 (Reason: moved to release)
freetype (2.5.2-1ubuntu1) trusty; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
  * Dropped changes, included in Debian:
    - Fix png configuration for cross builds.
    - Run aclocal and autoconf.

Superseded in trusty-release on 2013-12-29
Deleted in trusty-proposed on 2013-12-30 (Reason: moved to release)
freetype (2.5.1-2ubuntu1) trusty; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
    - Fix png configuration for cross builds.
    - Run aclocal and autoconf.

Superseded in trusty-release on 2013-12-18
Deleted in trusty-proposed on 2013-12-19 (Reason: moved to release)
freetype (2.5.1-1ubuntu2) trusty; urgency=medium

  * Fix png configuration for cross builds.
  * Run aclocal and autoconf.
 -- Matthias Klose <email address hidden>   Fri, 06 Dec 2013 13:01:17 +0100

Superseded in trusty-release on 2013-12-06
Deleted in trusty-proposed on 2013-12-07 (Reason: moved to release)
freetype (2.5.1-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable (LP: #1256114), remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
  * Dropped changes, included in Debian:
    - debian/control: build-depends on libpng-dev
    - debian/libfreetype6.symbols: new version update
  * Drop debian/patches-ft2demos/compiler-warning-fixes.patch, which is
    actually a bug in the compiler_hardening_fixes.patch and has been fixed
    there in the Ubuntu version.

Superseded in trusty-release on 2013-11-29
Deleted in trusty-proposed on 2013-11-30 (Reason: moved to release)
freetype (2.5.0.1-0ubuntu2) trusty; urgency=low

  * debian/control: build-depends on libpng12-dev
 -- Sebastien Bacher <email address hidden>   Mon, 11 Nov 2013 12:03:49 +0100
Superseded in trusty-proposed on 2013-11-11
freetype (2.5.0.1-0ubuntu1) trusty; urgency=low

  * New upstream version (lp: #1203012)
  * debian/patches-freetype/git_unitialized_variable.patch,
    debian/patches-ft2demos/init_variables.patch:
    - dropped, the fixes are in the new version
  * debian/libfreetype6.symbols: new version update
 -- Sebastien Bacher <email address hidden>   Mon, 11 Nov 2013 11:52:19 +0100

Superseded in trusty-release on 2013-11-11
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
freetype (2.4.12-0ubuntu1) saucy; urgency=low

  * New upstream version (lp: #1179523)
  * debian/patches-freetype/git_unitialized_variable.patch,
    debian/patches-ft2demos/init_variables.patch:
    - fix uninitialized variable warnings which were breaking the build
  * debian/libfreetype6.symbols: updated
 -- Sebastien Bacher <email address hidden>   Mon, 13 May 2013 13:12:42 +0200
Superseded in saucy-release on 2013-06-25
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
freetype (2.4.11-0ubuntu1) raring; urgency=low

  * New upstream version
  * debian/patches-freetype/CVE-2012-5668.patch,
    debian/patches-freetype/CVE-2012-5669.patch,
    debian/patches-freetype/CVE-2012-5670.patch:
    - dropped, those fixes are in the new version
  * debian/patches-ft2demos/compiler_hardening_fixes.patch:
    - changed unsigned char* to char* to fix "pointer targets in assignment
      differ in signedness" build error
  * debian/libfreetype6.symbols: updated for the new version
 -- Sebastien Bacher <email address hidden>   Fri, 08 Feb 2013 12:50:09 +0100
Superseded in raring-release on 2013-02-08
Deleted in raring-proposed on 2013-02-09 (Reason: moved to release)
freetype (2.4.10-0ubuntu2) raring; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
  * SECURITY UPDATE: denial of service and possible code execution via out-
    of-bounds write
    - debian/patches-freetype/CVE-2012-5670.patch: normalize negative
      parameter in src/bdf/bdflib.c.
    - CVE-2012-5670
 -- Marc Deslauriers <email address hidden>   Mon, 14 Jan 2013 13:24:57 -0500
Obsolete in hardy-updates on 2015-04-24
Obsolete in hardy-security on 2015-04-24
freetype (2.3.5-1ubuntu4.8.04.10) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
 -- Marc Deslauriers <email address hidden>   Fri, 11 Jan 2013 15:18:51 -0500
Superseded in lucid-updates on 2015-02-24
Superseded in lucid-security on 2015-02-24
freetype (2.3.11-1ubuntu2.7) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
 -- Marc Deslauriers <email address hidden>   Fri, 11 Jan 2013 15:16:40 -0500
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
freetype (2.4.4-2ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
 -- Marc Deslauriers <email address hidden>   Fri, 11 Jan 2013 13:47:14 -0500
Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
freetype (2.4.10-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
  * SECURITY UPDATE: denial of service and possible code execution via out-
    of-bounds write
    - debian/patches-freetype/CVE-2012-5670.patch: normalize negative
      parameter in src/bdf/bdflib.c.
    - CVE-2012-5670
 -- Marc Deslauriers <email address hidden>   Fri, 11 Jan 2013 13:38:01 -0500
Superseded in precise-updates on 2015-02-24
Superseded in precise-security on 2015-02-24
freetype (2.4.8-1ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via NULL
    pointer dereference
    - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
      of allocation error in src/bdf/bdflib.c.
    - CVE-2012-5668
  * SECURITY UPDATE: denial of service and possible code execution via heap
    buffer over-read in BDF parsing
    - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
      in src/bdf/bdflib.c.
    - CVE-2012-5669
 -- Marc Deslauriers <email address hidden>   Fri, 11 Jan 2013 13:45:45 -0500
Superseded in raring-release on 2013-01-14
Obsolete in quantal-release on 2015-04-24
freetype (2.4.10-0ubuntu1) quantal; urgency=low

  * New upstream version
  * debian/libfreetype6.symbols:
    - new version update
  * debian/patches-freetype/savannah-bug-35847.patch,
    debian/patches-freetype/savannah-bug-35833.patch:
    - dropped, the fixes are in the new version
  * Resynchronize on Debian, remaining diff:
  * debian/patches-freetype/revert_scalable_fonts_metric.patch:
    - revert commit "Fix metrics on size request for scalable fonts.",
      it's breaking gtk underlining markups and creating some other
      issues as well (lp: #972223)

Superseded in quantal-release on 2012-08-03
Published in precise-release on 2012-04-03
freetype (2.4.8-1ubuntu2) precise; urgency=low

  * debian/patches-freetype/revert_scalable_fonts_metric.patch:
    - revert commit "Fix metrics on size request for scalable fonts.",
      it's breaking gtk underlining markups and creating some other
      issues as well (lp: #972223)
 -- Sebastien Bacher <email address hidden>   Tue, 03 Apr 2012 10:42:05 +0200

Superseded in precise-release on 2012-04-03
freetype (2.4.8-1ubuntu1) precise; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font (LP: #963283)
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Fri, 23 Mar 2012 12:13:46 -0500

Superseded in hardy-updates on 2013-01-14
Superseded in hardy-security on 2013-01-14
freetype (2.3.5-1ubuntu4.8.04.9) hardy-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Wed, 21 Mar 2012 19:57:51 -0500
Superseded in lucid-updates on 2013-01-14
Superseded in lucid-security on 2013-01-14
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Wed, 21 Mar 2012 19:57:51 -0500
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
freetype (2.4.2-2ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Wed, 21 Mar 2012 19:57:51 -0500
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
freetype (2.4.4-1ubuntu2.3) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Wed, 21 Mar 2012 19:57:51 -0500
Superseded in oneiric-updates on 2013-01-14
Superseded in oneiric-security on 2013-01-14
freetype (2.4.4-2ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Wed, 21 Mar 2012 19:57:51 -0500
Superseded in precise-release on 2012-03-29
freetype (2.4.8-1) unstable; urgency=high

  * New upstream release
    - upstream fix for CVE-2011-3439.  Closes: #649122.
    - adjust libfreetype6.symbols for a newly-exported function.
 -- Tyler Hicks <email address hidden>   Fri,  18 Nov 2011 19:24:03 +0000

Superseded in hardy-updates on 2012-03-23
Superseded in hardy-security on 2012-03-23
freetype (2.3.5-1ubuntu4.8.04.7) hardy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439
 -- Tyler Hicks <email address hidden>   Thu, 17 Nov 2011 13:59:42 -0600
Superseded in lucid-updates on 2012-03-23
Superseded in lucid-security on 2012-03-23
freetype (2.3.11-1ubuntu2.5) lucid-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439
 -- Tyler Hicks <email address hidden>   Thu, 17 Nov 2011 13:59:33 -0600
Superseded in maverick-updates on 2012-03-23
Superseded in maverick-security on 2012-03-23
freetype (2.4.2-2ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439
 -- Tyler Hicks <email address hidden>   Thu, 17 Nov 2011 13:59:14 -0600
Superseded in natty-updates on 2012-03-23
Superseded in natty-security on 2012-03-23
freetype (2.4.4-1ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439
 -- Tyler Hicks <email address hidden>   Thu, 17 Nov 2011 13:58:59 -0600
Superseded in oneiric-updates on 2012-03-23
Superseded in oneiric-security on 2012-03-23
freetype (2.4.4-2ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439
 -- Tyler Hicks <email address hidden>   Thu, 17 Nov 2011 13:58:36 -0600
Superseded in precise-release on 2011-11-18
freetype (2.4.7-2) unstable; urgency=low

  * Use dpkg-buildflags through debhelper.
  * Don't set -Werror in CFLAGS on alpha or m68k, to work around a compiler
    bug.  Closes: #646334.

 -- Steve Langasek <email address hidden>  Mon, 24 Oct 2011 22:02:32 +0000
Superseded in precise-release on 2011-10-26
freetype (2.4.7-1) unstable; urgency=low

  * New upstream release
    - upstream fix for CVE-2011-3256.  Closes: #646120.
    - drop debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch,
      included upstream.
  * Pass --without-bzip2 to configure, to avoid unwanted dependency on
    libbz2.  Closes: #639638.
  * Standards-Version 3.9.2.

 -- Steve Langasek <email address hidden>  Sat, 22 Oct 2011 20:18:59 +0000
Superseded in precise-release on 2011-10-24
freetype (2.4.6-2) unstable; urgency=low

  * debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch: [PATCH]
    Fix Savannah bug #33992.  Thanks to David Bevan
    <email address hidden>.  Closes: #638348.

 -- Steve Langasek <email address hidden>  Sat, 20 Aug 2011 06:30:18 +0000
Superseded in precise-release on 2011-10-21
Obsolete in oneiric-release on 2015-04-24
freetype (2.4.4-2ubuntu1) oneiric; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-0226.patch: check for proper
      signedness in src/psaux/t1decode.c.
    - CVE-2011-0226
  * debian/rules: fix FTBFS with gcc 4.6 by adding
    -Wno-unused-but-set-variable to CFLAGS to downgrade it to a warning.
 -- Marc Deslauriers <email address hidden>   Mon, 08 Aug 2011 08:13:07 -0400

Superseded in natty-updates on 2011-11-18
Superseded in natty-security on 2011-11-18
freetype (2.4.4-1ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-0226.patch: check for proper
      signedness in src/psaux/t1decode.c.
    - CVE-2011-0226
 -- Marc Deslauriers <email address hidden>   Thu, 21 Jul 2011 13:59:37 -0400