Format: 1.7
Date: Fri, 13 Aug 2010 10:55:35 -0400
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: amd64
Version: 2.1.10-1ubuntu2.8
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
 freetype (2.1.10-1ubuntu2.8) dapper-security; urgency=low
 .
   * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
     in CFF Type2 CharStrings interpreter (LP: #617019)
     - debian/patches/418-CVE-2010-1797.patch: check number of operands in
       src/cff/cffgload.c.
     - CVE-2010-1797
   * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
     in the ftmulti demo program (LP: #617019)
     - debian/patches/424-CVE-2010-2541.patch: use strncat and adjust sizes
       in src/ftmulti.c.
     - CVE-2010-2541
   * SECURITY UPDATE: possible arbitrary code execution via improper bounds
     checking (LP: #617019)
     - debian/patches/419-CVE-2010-2805.patch: fix calculation in
       src/base/ftstream.c.
     - CVE-2010-2805
   * SECURITY UPDATE: possible arbitrary code execution via improper bounds
     checking (LP: #617019)
     - debian/patches/420-CVE-2010-2806.patch: check string sizes in
       src/type42/t42parse.c.
     - CVE-2010-2806
   * SECURITY UPDATE: possible arbitrary code execution via improper type
     comparisons (LP: #617019)
     - debian/patches/421-CVE-2010-2807.patch: perform better bounds
       checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
     - CVE-2010-2807
   * SECURITY UPDATE: possible arbitrary code execution via memory
     corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
     - debian/patches/422-CVE-2010-2808.patch: check rlen in
       src/base/ftobjs.c.
     - CVE-2010-2808
   * SECURITY UPDATE: denial of service via bdf font (LP: #617019)
     - debian/patches/423-bug30135.patch: don't modify value in static
       string in src/bdf/bdflib.c.
Files:
 afa83868cc67cec692f72a9dc93635ff 440974 libs optional libfreetype6_2.1.10-1ubuntu2.8_amd64.deb
 f332d5b1974aa53f200e4e6ecf9df088 717794 libdevel optional libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb
 dca56851436275285b4563c96388a070 133902 utils optional freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb
 358627e207009dbe0c5be095e7bed18d 251958 debian-installer extra libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb