Ubuntu

“freetype” 2.1.10-1ubuntu2.7 source package in The Dapper Drake

Publishing history

2.1.10-1ubuntu2.7
SUPERSEDED: Dapper pocket Updates in component main and section libs
  • Removed from disk on 2010-08-18.
  • Removal requested on 2010-08-18.
  • Superseded on 2010-08-17 by freetype - 2.1.10-1ubuntu2.8
  • Published on 2010-07-20
  • Copied from ubuntu dapper in Private PPA for Ubuntu Security Team
2.1.10-1ubuntu2.7
SUPERSEDED: Dapper pocket Security in component main and section libs
  • Removed from disk on 2010-08-18.
  • Removal requested on 2010-08-18.
  • Superseded on 2010-08-17 by freetype - 2.1.10-1ubuntu2.8
  • Published on 2010-07-20
  • Copied from ubuntu dapper in Private PPA for Ubuntu Security Team

Builds

Changelog

freetype (2.1.10-1ubuntu2.7) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid free
    - debian/patches/412-CVE-2010-2498.patch: validate number of points in
      src/pshinter/pshalgo.c.
    - CVE-2010-2498
  * SECURITY UPDATE: arbitrary code execution via buffer overflow
    - debian/patches/413-CVE-2010-2499.patch: check positions and return
      code in src/base/ftobjs.c.
    - CVE-2010-2499
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/414-CVE-2010-2500.patch: switch to unsigned in
      src/smooth/ftgrays.c, check signed width and height in
      src/smooth/ftsmooth.c.
    - CVE-2010-2500
  * SECURITY UPDATE: arbitrary code execution via heap buffer overflow
    - debian/patches/415-CVE-2010-2519.patch: correctly calculate length in
      src/base/ftobjs.c.
    - CVE-2010-2519
  * SECURITY UPDATE: arbitrary code execution via invalid realloc
    - debian/patches/416-CVE-2010-2520.patch: perform bounds checking in
      src/truetype/ttinterp.c.
    - CVE-2010-2520
  * SECURITY UPDATE: arbitrary code execution via buffer overflows
    - debian/patches/417-CVE-2010-2527.patch: change buffer sizes in
      src/{ftmulti,ftstring,ftview}.c.
    - CVE-2010-2527
 -- Marc Deslauriers <email address hidden>   Thu, 15 Jul 2010 13:00:49 -0400