[ubuntu/karmic-security] freetype, freetype (delayed) 2.3.9-5ubuntu0.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Jul 20 10:03:34 BST 2010
freetype (2.3.9-5ubuntu0.1) karmic-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/CVE-2010-2498.patch: validate number of points in
src/pshinter/pshalgo.c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/CVE-2010-2499.patch: check positions and return code
in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/CVE-2010-2500.patch: switch to unsigned in
src/smooth/ftgrays.c, check signed width and height in
src/smooth/ftsmooth.c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/CVE-2010-2519.patch: correctly calculate length in
src/base/ftobjs.c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/CVE-2010-2520.patch: perform bounds checking in
src/truetype/ttinterp.c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/CVE-2010-2527.patch: change buffer sizes in
src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
- CVE-2010-2527
Date: Thu, 15 Jul 2010 09:32:35 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/freetype/2.3.9-5ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 15 Jul 2010 09:32:35 -0400
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.3.9-5ubuntu0.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.3.9-5ubuntu0.1) karmic-security; urgency=low
.
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/CVE-2010-2498.patch: validate number of points in
src/pshinter/pshalgo.c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/CVE-2010-2499.patch: check positions and return code
in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/CVE-2010-2500.patch: switch to unsigned in
src/smooth/ftgrays.c, check signed width and height in
src/smooth/ftsmooth.c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/CVE-2010-2519.patch: correctly calculate length in
src/base/ftobjs.c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/CVE-2010-2520.patch: perform bounds checking in
src/truetype/ttinterp.c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/CVE-2010-2527.patch: change buffer sizes in
src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
- CVE-2010-2527
Checksums-Sha1:
2e8eac039c956c58417c971accec3be8cbb2ed09 1311 freetype_2.3.9-5ubuntu0.1.dsc
dee0d5c5d886fc6683788aec8f74ac9b54c2b9de 38847 freetype_2.3.9-5ubuntu0.1.diff.gz
Checksums-Sha256:
b566475e1e04b36e22c3e37429f7d250d916e34620c3aab2a35bc7b6a0028383 1311 freetype_2.3.9-5ubuntu0.1.dsc
fd87fd249863f685f6dae635b94eab6d02f7c327acbabcee5ca4770328f2423d 38847 freetype_2.3.9-5ubuntu0.1.diff.gz
Files:
4aacd927d22517066aa795b0b4637c57 1311 libs optional freetype_2.3.9-5ubuntu0.1.dsc
6694e4319b4b87a7366381ff0f4066ca 38847 libs optional freetype_2.3.9-5ubuntu0.1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Karmic-changes
mailing list