freetype 2.4.4-1ubuntu2.3 source package in Ubuntu
Changelog
freetype (2.4.4-1ubuntu2.3) natty-security; urgency=low
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
-- Tyler Hicks <email address hidden> Wed, 21 Mar 2012 19:57:51 -0500
Upload details
- Uploaded by:
- Tyler Hicks
- Uploaded to:
- Natty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| freetype_2.4.4.orig.tar.gz | 1.6 MiB | 7db9b8ce20569399fb3a82d91db079b3eab97f7008f14a7b038b238b5814d75e |
| freetype_2.4.4-1ubuntu2.3.diff.gz | 44.3 KiB | e89a31aea2cfc7c1b6cc32da60e0637591d0585d557986c4c26f5c7857f48ca2 |
| freetype_2.4.4-1ubuntu2.3.dsc | 1.9 KiB | 01657b8b7a88ccdd757b93f207665723f3be1ffce5dbb2bc35699b5db1e923e2 |
Available diffs
Binary packages built by this source
- freetype2-demos: No summary available for freetype2-demos in ubuntu natty.
No description available for freetype2-demos in ubuntu natty.
- libfreetype6: No summary available for libfreetype6 in ubuntu natty.
No description available for libfreetype6 in ubuntu natty.
- libfreetype6-dev: No summary available for libfreetype6-dev in ubuntu natty.
No description available for libfreetype6-dev in ubuntu natty.
- libfreetype6-udeb: No summary available for libfreetype6-udeb in ubuntu natty.
No description available for libfreetype6-udeb in ubuntu natty.
