freetype 2.3.11-1ubuntu2.6 source package in Ubuntu
Changelog
freetype (2.3.11-1ubuntu2.6) lucid-security; urgency=low * SECURITY UPDATE: Denial of service via crafted BDF font - debian/patches-freetype/CVE-2012-1126.patch: Perform better input sanitization when parsing properties. Based on upstream patch. - CVE-2012-1126 * SECURITY UPDATE: Denial of service via crafted BDF font - debian/patches-freetype/CVE-2012-1127.patch: Perform better input sanitization when parsing glyphs. Based on upstream patch. - CVE-2012-1127 * SECURITY UPDATE: Denial of service via crafted TrueType font - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid NULL pointer dereference. Based on upstream patch. - CVE-2012-1128 * SECURITY UPDATE: Denial of service via crafted Type42 font - debian/patches-freetype/CVE-2012-1129.patch: Perform better input sanitization when parsing SFNT strings. Based on upstream patch. - CVE-2012-1129 * SECURITY UPDATE: Denial of service via crafted PCF font - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to properly NULL-terminate parsed properties strings. Based on upstream patch. - CVE-2012-1130 * SECURITY UPDATE: Denial of service via crafted TrueType font - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to prevent integer truncation on 64 bit systems when rendering fonts. Based on upstream patch. - CVE-2012-1131 * SECURITY UPDATE: Denial of service via crafted Type1 font - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of appropriate length when loading Type1 fonts. Based on upstream patch. - CVE-2012-1132 * SECURITY UPDATE: Denial of service and arbitrary code execution via crafted BDF font - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative glyph encoding values to prevent invalid array indexes. Based on upstream patch. - CVE-2012-1133 * SECURITY UPDATE: Denial of service and arbitrary code execution via crafted Type1 font - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1 private dictionary size to prevent writing past array bounds. Based on upstream patch. - CVE-2012-1134 * SECURITY UPDATE: Denial of service via crafted TrueType font - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds checks when interpreting TrueType bytecode. Based on upstream patch. - CVE-2012-1135 * SECURITY UPDATE: Denial of service and arbitrary code execution via crafted BDF font - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is defined when parsing glyphs. Based on upstream patch. - CVE-2012-1136 * SECURITY UPDATE: Denial of service via crafted BDF font - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number of array elements to prevent reading past array bounds. Based on upstream patch. - CVE-2012-1137 * SECURITY UPDATE: Denial of service via crafted TrueType font - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in invalid read from wrong memory location. Based on upstream patch. - CVE-2012-1138 * SECURITY UPDATE: Denial of service via crafted BDF font - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to prevent reading invalid memory. Based on upstream patch. - CVE-2012-1139 * SECURITY UPDATE: Denial of service via crafted PostScript font - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in boundary checks. Based on upstream patch. - CVE-2012-1140 * SECURITY UPDATE: Denial of service via crafted BDF font - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements to prevent invalid read. Based on upstream patch. - CVE-2012-1141 * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization on first and last character code fields. Based on upstream patch. - CVE-2012-1142 * SECURITY UPDATE: Denial of service via crafted font - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by zero when dealing with 32 bit types. Based on upstream patch. - CVE-2012-1143 * SECURITY UPDATE: Denial of service and arbitrary code execution via crafted TrueType font - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization on the first glyph outline point value. Based on upstream patch. - CVE-2012-1144 -- Tyler Hicks <email address hidden> Wed, 21 Mar 2012 19:57:51 -0500
Upload details
- Uploaded by:
- Tyler Hicks
- Uploaded to:
- Lucid
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
freetype_2.3.11.orig.tar.gz | 1.6 MiB | 95ad903fe5b91707a8e1d362f1b4705c25738347130f66813544ad57c1ce066b |
freetype_2.3.11-1ubuntu2.6.diff.gz | 50.4 KiB | 6e79de573f9367b5ecc436893ba2fa60b5518ef5a6cf026d3311d715f2c75588 |
freetype_2.3.11-1ubuntu2.6.dsc | 1.9 KiB | f4e94df4a5d752ecfee47acd83d8d10fcf5e548b9695f9cf04c460afe2b02d78 |
Available diffs
Binary packages built by this source
- freetype2-demos: No summary available for freetype2-demos in ubuntu lucid.
No description available for freetype2-demos in ubuntu lucid.
- libfreetype6: No summary available for libfreetype6 in ubuntu lucid.
No description available for libfreetype6 in ubuntu lucid.
- libfreetype6-dev: No summary available for libfreetype6-dev in ubuntu lucid.
No description available for libfreetype6-dev in ubuntu lucid.
- libfreetype6-udeb: No summary available for libfreetype6-udeb in ubuntu lucid.
No description available for libfreetype6-udeb in ubuntu lucid.