Format: 1.8
Date: Wed, 21 Mar 2012 19:57:51 -0500
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: i386
Version: 2.4.2-2ubuntu0.4
Distribution: maverick
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Tyler Hicks
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
 freetype (2.4.2-2ubuntu0.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Denial of service via crafted BDF font
     - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
       sanitization when parsing properties. Based on upstream patch.
     - CVE-2012-1126
   * SECURITY UPDATE: Denial of service via crafted BDF font
     - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
       sanitization when parsing glyphs. Based on upstream patch.
     - CVE-2012-1127
   * SECURITY UPDATE: Denial of service via crafted TrueType font
     - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to
       avoid NULL pointer dereference. Based on upstream patch.
     - CVE-2012-1128
   * SECURITY UPDATE: Denial of service via crafted Type42 font
     - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
       sanitization when parsing SFNT strings. Based on upstream patch.
     - CVE-2012-1129
   * SECURITY UPDATE: Denial of service via crafted PCF font
     - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory
       to properly NULL-terminate parsed properties strings. Based on
       upstream patch.
     - CVE-2012-1130
   * SECURITY UPDATE: Denial of service via crafted TrueType font
     - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data
       type to prevent integer truncation on 64 bit systems when rendering
       fonts. Based on upstream patch.
     - CVE-2012-1131
   * SECURITY UPDATE: Denial of service via crafted Type1 font
     - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
       appropriate length when loading Type1 fonts. Based on upstream patch.
     - CVE-2012-1132
   * SECURITY UPDATE: Denial of service and arbitrary code execution via
     crafted BDF font
     - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
       glyph encoding values to prevent invalid array indexes. Based on
       upstream patch.
     - CVE-2012-1133
   * SECURITY UPDATE: Denial of service and arbitrary code execution via
     crafted Type1 font
     - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
       private dictionary size to prevent writing past array bounds. Based
       on upstream patch.
     - CVE-2012-1134
   * SECURITY UPDATE: Denial of service via crafted TrueType font
     - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
       checks when interpreting TrueType bytecode. Based on upstream patch.
     - CVE-2012-1135
   * SECURITY UPDATE: Denial of service and arbitrary code execution via
     crafted BDF font
     - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
       defined when parsing glyphs. Based on upstream patch.
     - CVE-2012-1136
   * SECURITY UPDATE: Denial of service via crafted BDF font
     - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient
       number of array elements to prevent reading past array bounds. Based
       on upstream patch.
     - CVE-2012-1137
   * SECURITY UPDATE: Denial of service via crafted TrueType font
     - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting
       in invalid read from wrong memory location. Based on upstream patch.
     - CVE-2012-1138
   * SECURITY UPDATE: Denial of service via crafted BDF font
     - debian/patches-freetype/CVE-2012-1139.patch: Check array index values
       to prevent reading invalid memory. Based on upstream patch.
     - CVE-2012-1139
   * SECURITY UPDATE: Denial of service via crafted PostScript font
     - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
       boundary checks. Based on upstream patch.
     - CVE-2012-1140
   * SECURITY UPDATE: Denial of service via crafted BDF font
     - debian/patches-freetype/CVE-2012-1141.patch: Initialize field
       elements to prevent invalid read. Based on upstream patch.
     - CVE-2012-1141
   * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
     - debian/patches-freetype/CVE-2012-1142.patch: Perform input
       sanitization on first and last character code fields. Based on
       upstream patch.
     - CVE-2012-1142
   * SECURITY UPDATE: Denial of service via crafted font
     - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide
       by zero when dealing with 32 bit types. Based on upstream patch.
     - CVE-2012-1143
   * SECURITY UPDATE: Denial of service and arbitrary code execution via
     crafted TrueType font
     - debian/patches-freetype/CVE-2012-1144.patch: Perform input
       sanitization on the first glyph outline point value. Based on
       upstream patch.
     - CVE-2012-1144
Checksums-Sha1:
 c4516a57fe6bffa065d862bd46e7ab8f37dcb7f2 359504 libfreetype6_2.4.2-2ubuntu0.4_i386.deb
 a2c60f4931012f1a2c375d5c935faa2c25134434 711348 libfreetype6-dev_2.4.2-2ubuntu0.4_i386.deb
 64269f4e02ed8ce7539d12c1a484808d39b9f6b9 188352 freetype2-demos_2.4.2-2ubuntu0.4_i386.deb
 4f5b1824688d0fb2975aebb46ea8dd723072ea3f 263386 libfreetype6-udeb_2.4.2-2ubuntu0.4_i386.udeb
Checksums-Sha256:
 9215293d55a468c612b79611192f2bf8016ef53a034a2a133d9fc48448b509a5 359504 libfreetype6_2.4.2-2ubuntu0.4_i386.deb
 c3c5d62972b87ac984d12e7a27c6233389238d1818e04e7c76c8ff9b15645a04 711348 libfreetype6-dev_2.4.2-2ubuntu0.4_i386.deb
 d36c003fe1887b9349eab3d1d3af7a004d83629d26c83921c55b2eecbfe80edf 188352 freetype2-demos_2.4.2-2ubuntu0.4_i386.deb
 ec6ec60dd86d24376c62654d0804f49ba7fb67b07e6fe5d725f6a2a8d20468a9 263386 libfreetype6-udeb_2.4.2-2ubuntu0.4_i386.udeb
Files:
 4fea44fc9105a5a9efdddbec99c18e8b 359504 libs optional libfreetype6_2.4.2-2ubuntu0.4_i386.deb
 931e1cec1666f8c370d2c1c7c383bff2 711348 libdevel optional libfreetype6-dev_2.4.2-2ubuntu0.4_i386.deb
 e679de13786d6f804cd30ea0b0635e9d 188352 utils optional freetype2-demos_2.4.2-2ubuntu0.4_i386.deb
 27b78536f70941208a99eb68b34a3671 263386 debian-installer extra libfreetype6-udeb_2.4.2-2ubuntu0.4_i386.udeb
Original-Maintainer: Steve Langasek
Package-Type: udeb
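The two checks a practitioner wants from a .changes file like this one are (1) that a downloaded .deb really matches the Checksums-Sha256 block before it is installed, and (2) whether an installed libfreetype6 is older than the fixed Version (2.4.2-2ubuntu0.4) and therefore still exposed to the CVEs listed above. The script below is an added example, not code from the Ubuntu package, FreeType, or dpkg. The Checksums-Sha256 lines it parses are copied from this file; the file names good.deb, tampered.deb, short.deb and absent.deb in demo() are constructed; and dpkg_compare() is a Python re-implementation of the dpkg version-ordering rules (epoch, then upstream, then revision, with '~' sorting before anything), which on a real host you would replace with `dpkg --compare-versions` and `sha256sum -c`.

```python
"""Verify .deb downloads against a .changes file and triage installed versions.
Added example; not part of the FreeType or Ubuntu packaging sources."""
import hashlib
import re

# Real Checksums-Sha256 block copied from the .changes file above.
CHANGES_EXCERPT = """\
Checksums-Sha256:
 9215293d55a468c612b79611192f2bf8016ef53a034a2a133d9fc48448b509a5 359504 libfreetype6_2.4.2-2ubuntu0.4_i386.deb
 c3c5d62972b87ac984d12e7a27c6233389238d1818e04e7c76c8ff9b15645a04 711348 libfreetype6-dev_2.4.2-2ubuntu0.4_i386.deb
 d36c003fe1887b9349eab3d1d3af7a004d83629d26c83921c55b2eecbfe80edf 188352 freetype2-demos_2.4.2-2ubuntu0.4_i386.deb
 ec6ec60dd86d24376c62654d0804f49ba7fb67b07e6fe5d725f6a2a8d20468a9 263386 libfreetype6-udeb_2.4.2-2ubuntu0.4_i386.udeb
Files:
 4fea44fc9105a5a9efdddbec99c18e8b 359504 libs optional libfreetype6_2.4.2-2ubuntu0.4_i386.deb
"""

FIXED_VERSION = "2.4.2-2ubuntu0.4"  # the Version: field of this update


def parse_sha256_block(changes_text):
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field.
    Continuation lines of an RFC822-style field start with whitespace; the
    field ends at the next line that is not indented (here, 'Files:')."""
    entries, in_block = {}, False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_block = True
            continue
        if in_block:
            if not line[:1].isspace():
                break
            m = re.match(r"\s*([0-9a-f]{64})\s+(\d+)\s+(\S+)$", line)
            if m is None:
                raise ValueError("malformed checksum line: %r" % line)
            entries[m.group(3)] = (m.group(1), int(m.group(2)))
    return entries


def verify_files(changes_text, files):
    """files is {filename: bytes}. Returns a status per listed file; the size
    is checked before hashing so a truncated download is reported as such."""
    result = {}
    for name, (want_hash, want_size) in parse_sha256_block(changes_text).items():
        data = files.get(name)
        if data is None:
            result[name] = "missing"
        elif len(data) != want_size:
            result[name] = "size-mismatch"
        elif hashlib.sha256(data).hexdigest() != want_hash:
            result[name] = "sha256-mismatch"
        else:
            result[name] = "ok"
    return result


def _order(c):
    # dpkg's character weights: '~' sorts before end-of-string, digits are
    # handled numerically, letters by code point, other punctuation after.
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    """Compare one version component (upstream or revision) like dpkg."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        ni, nj = i, j
        while ni < len(a) and a[ni].isdigit():
            ni += 1
        while nj < len(b) and b[nj].isdigit():
            nj += 1
        na, nb = int(a[i:ni] or "0"), int(b[j:nj] or "0")
        if na != nb:
            return -1 if na < nb else 1
        i, j = ni, nj
    return 0


def dpkg_compare(v1, v2):
    """Negative if v1 < v2, zero if equal, positive if v1 > v2 (dpkg rules)."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        up, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), up, rev
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def is_vulnerable(installed_version, fixed_version=FIXED_VERSION):
    return dpkg_compare(installed_version, fixed_version) < 0


def demo():
    """Constructed inputs: one good file, one same-size tampered file, one
    truncated file and one listed-but-absent file."""
    good = b"constructed-deb-payload"
    h, n = hashlib.sha256(good).hexdigest(), len(good)
    changes = "Checksums-Sha256:\n" + "".join(
        " %s %d %s\n" % (h, n, f) for f in ("good.deb", "tampered.deb", "short.deb", "absent.deb"))
    return verify_files(changes, {"good.deb": good, "tampered.deb": b"constructed-deb-payloaD",
                                  "short.deb": good[:-1]})


if __name__ == "__main__":
    print(demo())
    print("2.4.2-2ubuntu0.3 vulnerable:", is_vulnerable("2.4.2-2ubuntu0.3"))
```

On a real host, `dpkg-query -W -f='${Version}' libfreetype6` supplies the installed version, and the .changes file itself should be validated with `gpg --verify` (it is signed by the Ubuntu archive) before its checksums are trusted; a checksum only proves the .deb is the one the archive published, not that the archive was the intended source.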