Format: 1.8 Date: Thu, 15 Jun 2017 16:09:14 -0500 Source: freetype Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb Architecture: source Version: 2.5.2-2ubuntu3.2 Distribution: vivid-security Urgency: medium Maintainer: Ubuntu Developers Changed-By: Emily Ratliff Description: freetype2-demos - FreeType 2 demonstration programs libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb) Changes: freetype (2.5.2-2ubuntu3.2) vivid-security; urgency=medium . [ Steve Beattie] * SECURITY UPDATE: heap based buffer overflow in cff_parser_run() - debian/patches-freetype/CVE-2016-10328.patch: add additional check to parser stack size in src/cff/cffparse.c - CVE-2016-10328 [ Marc Deslauriers ] * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings - debian/patches-freetype/CVE-2017-8105.patch: add a check to src/psaux/t1decode.c. - CVE-2017-8105 * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour - debian/patches-freetype/CVE-2017-8287.patch: add a check to src/psaux/psobjs.c. - CVE-2017-8287 * SECURITY UPDATE: DoS and possible code execution via missing glyph name - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c. - CVE-2016-10244 Checksums-Sha1: e799a4434de464aef035f47c15d21158a7a05ddd 2199 freetype_2.5.2-2ubuntu3.2.dsc 9ad798db0835759a05a14816ef47c0c3124c0b72 89610 freetype_2.5.2-2ubuntu3.2.diff.gz Checksums-Sha256: 992657da9a4cc405051d5de9c68cc57e7e6b3c9d4bdc89a11b0e014f865ea507 2199 freetype_2.5.2-2ubuntu3.2.dsc 56ba606cbd2717dc99d1f4ae759fcd654967862485aa2b930ac982e662213d3d 89610 freetype_2.5.2-2ubuntu3.2.diff.gz Files: 1708525f25fc110b8ccfc53f373fbae6 2199 libs optional freetype_2.5.2-2ubuntu3.2.dsc 17b3b538e3cb7c40a4eb0a1e92576848 89610 libs optional freetype_2.5.2-2ubuntu3.2.diff.gz Original-Maintainer: Steve Langasek