Ubuntu

“freetype” 2.3.9-4ubuntu0.3 source package in Ubuntu

Changelog

freetype (2.3.9-4ubuntu0.3) jaunty-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in CFF Type2 CharStrings interpreter (LP: #617019)
    - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
      in src/cff/cffgload.c.
    - CVE-2010-1797
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    in the ftmulti demo program (LP: #617019)
    - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
      sizes in src/ftmulti.c.
    - CVE-2010-2541
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
      src/base/ftstream.c.
    - CVE-2010-2805
  * SECURITY UPDATE: possible arbitrary code execution via improper bounds
    checking (LP: #617019)
    - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
      src/type42/t42parse.c.
    - CVE-2010-2806
  * SECURITY UPDATE: possible arbitrary code execution via improper type
    comparisons (LP: #617019)
    - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
      checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
    - CVE-2010-2807
  * SECURITY UPDATE: possible arbitrary code execution via memory
    corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
    - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
      src/base/ftobjs.c.
    - CVE-2010-2808
  * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
    - debian/patches-freetype/bug30135.patch: don't modify value in static
      string in src/bdf/bdflib.c.
  * SECURITY UPDATE: denial of service via nested "seac" calls
    - debian/patches-freetype/nested-seac.patch: handle nested calls
      correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
      src/cff/cffgload.h, src/psaux/t1decode.c.
 -- Marc Deslauriers <email address hidden>   Fri, 13 Aug 2010 10:23:02 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2010-08-13
Uploaded to:
Jaunty
Original maintainer:
Ubuntu Development Team
Component:
main
Architectures:
any
Section:
libs
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
freetype_2.3.9.orig.tar.gz 1.5 MiB 7b2ab681f1a436876ed888041204e478
freetype_2.3.9-4ubuntu0.3.diff.gz 43.0 KiB 17b27322a6448d40599c55561209c940
freetype_2.3.9-4ubuntu0.3.dsc 1.3 KiB 5124a4df7016a625a631c1ff4661aae9

Binary packages built by this source

freetype2-demos: No summary available for freetype2-demos in ubuntu jaunty.

No description available for freetype2-demos in ubuntu jaunty.

libfreetype6: No summary available for libfreetype6 in ubuntu jaunty.

No description available for libfreetype6 in ubuntu jaunty.

libfreetype6-dev: No summary available for libfreetype6-dev in ubuntu jaunty.

No description available for libfreetype6-dev in ubuntu jaunty.

libfreetype6-udeb: No summary available for libfreetype6-udeb in ubuntu jaunty.

No description available for libfreetype6-udeb in ubuntu jaunty.