-
freetype (2.8-0.2ubuntu2.1) artful-security; urgency=medium
* SECURITY UPDATE: NULL dereference pointer
- debian/patches-freetype/CVE-2018-6942.patch: re sets args array to zero
if not coords in src/truetype/ttinterp.c.
- CVE-2018-6942
-- <email address hidden> (Leonidas S. Barbosa) Wed, 14 Feb 2018 12:33:52 -0300
-
freetype (2.8-0.2ubuntu2) artful; urgency=medium
* debian/rules: post-process ftconfig.h to avoid arch-dependent
definitions for multiarch, and move it back to /usr/include so that all
headers are again in the same path relative to each other.
-- Steve Langasek <email address hidden> Wed, 30 Aug 2017 05:34:29 +0000
-
freetype (2.8-0.2ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/freetype/config headers into the multiarch
include path and provide symlinks in /usr/include.
* Drop fixes included in this release
- fix CVE-2016-10328
- debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
most zh_CN glyphs and probably others). (LP: #1559933)
-- Gianfranco Costamagna <email address hidden> Tue, 04 Jul 2017 08:13:24 +0200
-
freetype (2.6.3-3.2ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/freetype/config headers into the multiarch
include path and provide symlinks in /usr/include.
- debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
most zh_CN glyphs and probably others). (LP: #1559933)
- fix CVE-2016-10328
-- Gianfranco Costamagna <email address hidden> Sun, 30 Apr 2017 11:43:07 +0200
-
freetype (2.6.3-3.1ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Make libfreetype6-dev M-A: same.
- Error out on the use of the freetype-config --libtool option.
- Don't add multiarch libdirs for freetype-config --libs.
- Install the freetype2/freetype/config headers into the multiarch
include path and provide symlinks in /usr/include.
- debian/patches/0001-Revert-pcf-Signedness-fixes.patch: revert signedness
fixes in pcf which break grub-mkfont (limits glyphs to 32768, which drops
most zh_CN glyphs and probably others). (LP: #1559933)
- fix CVE-2016-10328
* Drop fix for CVE-2016-10244: fixed in previous Debian upload.
-- Gianfranco Costamagna <email address hidden> Sat, 29 Apr 2017 15:50:16 +0200
-
freetype (2.6.3-3ubuntu2.1) zesty-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
- debian/patches-freetype/CVE-2016-10328.patch: add additional check
to parser stack size in src/cff/cffparse.c
- CVE-2016-10328
-- Steve Beattie <email address hidden> Wed, 19 Apr 2017 23:17:25 -0700
-
freetype (2.6.3-3ubuntu2) zesty; urgency=medium
* SECURITY UPDATE: DoS and possible code execution via missing glyph name
- debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
- CVE-2016-10244
-- Marc Deslauriers <email address hidden> Thu, 16 Mar 2017 13:00:06 -0400
