freetype (2.3.11-1ubuntu2.8) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
multiple security issues
- debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
quantity of upstream commits to fix multiple security issues.
- CVE-2014-9656
- CVE-2014-9657
- CVE-2014-9658
- CVE-2014-9660
- CVE-2014-9661
- CVE-2014-9663
- CVE-2014-9664
- CVE-2014-9666
- CVE-2014-9667
- CVE-2014-9669
- CVE-2014-9670
- CVE-2014-9671
- CVE-2014-9672
- CVE-2014-9673
- CVE-2014-9674
- CVE-2014-9675
-- Marc Deslauriers <email address hidden> Tue, 24 Feb 2015 11:22:14 -0500
-
freetype (2.3.11-1ubuntu2.7) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches-freetype/CVE-2012-5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669
-- Marc Deslauriers <email address hidden> Fri, 11 Jan 2013 15:16:40 -0500
-
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
-- Tyler Hicks <email address hidden> Wed, 21 Mar 2012 19:57:51 -0500
-
freetype (2.3.11-1ubuntu2.5) lucid-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
- debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
src/truetype/ttgxvar.c. Based on upstream patch.
- CVE-2011-3256
* SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
- debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
- CVE-2011-3439
-- Tyler Hicks <email address hidden> Thu, 17 Nov 2011 13:59:33 -0600
-
freetype (2.3.11-1ubuntu2.4) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via libXft overflow.
- debian/patches/CVE-2010-3311.patch: correctly validate position in
src/base/ftstream.c.
- CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
improper error handling of SHZ bytecode instruction
- debian/patches/CVE-2010-3814.patch: add bounds check to
src/truetype/ttinterp.c.
- CVE-2010-3814
* SECURITY UPDATE: denial of service and possible code execution via
TrueType GX font
- debian/patches/CVE-2010-3855.patch: add bounds checks to
src/truetype/ttgxvar.c.
- CVE-2010-3855
-- Marc Deslauriers <email address hidden> Tue, 02 Nov 2010 14:38:53 -0400
-
freetype (2.3.11-1ubuntu2.2) lucid-security; urgency=low
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in CFF Type2 CharStrings interpreter (LP: #617019)
- debian/patches-freetype/CVE-2010-1797.patch: check number of operands
in src/cff/cffgload.c.
- CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in the ftmulti demo program (LP: #617019)
- debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
sizes in src/ftmulti.c.
- CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
src/base/ftstream.c.
- CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
src/type42/t42parse.c.
- CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
comparisons (LP: #617019)
- debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
- CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
- debian/patches-freetype/CVE-2010-2808.patch: check rlen in
src/base/ftobjs.c.
- CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
- debian/patches-freetype/bug30135.patch: don't modify value in static
string in src/bdf/bdflib.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 08:26:33 -0400
-
freetype (2.3.11-1ubuntu2.1) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/CVE-2010-2498.patch: validate number of points in
src/pshinter/pshalgo.c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/CVE-2010-2499.patch: check positions and return code
in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/CVE-2010-2500.patch: switch to unsigned in
src/smooth/ftgrays.c, check signed width and height in
src/smooth/ftsmooth.c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/CVE-2010-2519.patch: correctly calculate length in
src/base/ftobjs.c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/CVE-2010-2520.patch: perform bounds checking in
src/truetype/ttinterp.c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/CVE-2010-2527.patch: change buffer sizes in
src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
- CVE-2010-2527
-- Marc Deslauriers <email address hidden> Thu, 15 Jul 2010 08:46:19 -0400
-
freetype (2.3.11-1ubuntu2) lucid; urgency=low
* Revert last change. I really did have a FTBFS that "looked" like this
was the cause, but it's actually something else that dropped its
dependency on libfreetype6-dev.
-- Mario Limonciello <email address hidden> Tue, 01 Dec 2009 02:25:21 -0600
-
freetype (2.3.11-1ubuntu1) lucid; urgency=low
* debian/libfreetype6.files:
- Correct an extra period that was placed causing other packages to
FTBFS when linking against freetype.
-- Mario Limonciello <email address hidden> Sun, 29 Nov 2009 23:30:35 -0600
-
freetype (2.3.11-1) unstable; urgency=low
* New upstream release
- drop debian/patches-freetype/proper-armel-asm-declaration.patch and
debian/patches-freetype/CVE-2009-0946.patch, applied upstream.
- new symbol tt_cmap13_class_rec added to the symbols table, bump the
shlibs.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 05 Nov 2009 05:58:41 +0000
-
freetype (2.3.9-5) unstable; urgency=low
* Pass proper --host/--build args to ./configure, to support
cross-building. Closes: #465292.
* clean up a number of unused variables in debian/rules; maybe someday
we'll get this package to converge on debhelper 7... :)
* Fix the doc-base section for libfreetype6-dev. Closes: #315845.
* Remove one final reference to /usr/X11R6 in debian/rules.
* Drop incorrect Replaces: freetype0, freetype1
* Add debian/README.source, documenting the madness that is this source
package.
* Standards-Version to 3.8.0.
* Fix multiple integer overflows leading to arbitrary code execution
or DoS (CVE-2009-0946; Closes: #524925). Thanks to Nico Golde for the
NMU.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 04 Jun 2009 05:47:39 +0100