Ubuntu

“freetype” 2.3.9-4ubuntu0.2 source package in The Jaunty Jackalope

Publishing history

2.3.9-4ubuntu0.2
SUPERSEDED: Jaunty pocket Updates in component main and section libs
  • Removed from disk on 2010-08-18.
  • Removal requested on 2010-08-18.
  • Superseded on 2010-08-17 by freetype - 2.3.9-4ubuntu0.3
  • Published on 2010-07-20
  • Copied from ubuntu jaunty in Private PPA for Ubuntu Security Team
2.3.9-4ubuntu0.2
SUPERSEDED: Jaunty pocket Security in component main and section libs
  • Removed from disk on 2010-08-18.
  • Removal requested on 2010-08-18.
  • Superseded on 2010-08-17 by freetype - 2.3.9-4ubuntu0.3
  • Published on 2010-07-20
  • Copied from ubuntu jaunty in Private PPA for Ubuntu Security Team

Builds

Changelog

freetype (2.3.9-4ubuntu0.2) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid free
    - debian/patches/CVE-2010-2498.patch: validate number of points in
      src/pshinter/pshalgo.c.
    - CVE-2010-2498
  * SECURITY UPDATE: arbitrary code execution via buffer overflow
    - debian/patches/CVE-2010-2499.patch: check positions and return code
      in src/base/ftobjs.c.
    - CVE-2010-2499
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/CVE-2010-2500.patch: switch to unsigned in
      src/smooth/ftgrays.c, check signed width and height in
      src/smooth/ftsmooth.c.
    - CVE-2010-2500
  * SECURITY UPDATE: arbitrary code execution via heap buffer overflow
    - debian/patches/CVE-2010-2519.patch: correctly calculate length in
      src/base/ftobjs.c.
    - CVE-2010-2519
  * SECURITY UPDATE: arbitrary code execution via invalid realloc
    - debian/patches/CVE-2010-2520.patch: perform bounds checking in
      src/truetype/ttinterp.c.
    - CVE-2010-2520
  * SECURITY UPDATE: arbitrary code execution via buffer overflows
    - debian/patches/CVE-2010-2527.patch: change buffer sizes in
      src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
    - CVE-2010-2527
 -- Marc Deslauriers <email address hidden>   Thu, 15 Jul 2010 10:25:42 -0400