Ubuntu
freetype package

freetype 2.4.8-1ubuntu1 source package in Ubuntu

Changelog

freetype (2.4.8-1ubuntu1) precise; urgency=low

  * SECURITY UPDATE: Denial of service via crafted BDF font (LP: #963283)
    - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
      sanitization when parsing properties. Based on upstream patch.
    - CVE-2012-1126
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
      sanitization when parsing glyphs. Based on upstream patch.
    - CVE-2012-1127
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
      NULL pointer dereference. Based on upstream patch.
    - CVE-2012-1128
  * SECURITY UPDATE: Denial of service via crafted Type42 font
    - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
      sanitization when parsing SFNT strings. Based on upstream patch.
    - CVE-2012-1129
  * SECURITY UPDATE: Denial of service via crafted PCF font
    - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
      properly NULL-terminate parsed properties strings. Based on upstream
      patch.
    - CVE-2012-1130
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
      prevent integer truncation on 64 bit systems when rendering fonts. Based
      on upstream patch.
    - CVE-2012-1131
  * SECURITY UPDATE: Denial of service via crafted Type1 font
    - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
      appropriate length when loading Type1 fonts. Based on upstream patch.
    - CVE-2012-1132
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
      glyph encoding values to prevent invalid array indexes. Based on
      upstream patch.
    - CVE-2012-1133
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted Type1 font
    - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
      private dictionary size to prevent writing past array bounds. Based on
      upstream patch.
    - CVE-2012-1134
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
      checks when interpreting TrueType bytecode. Based on upstream patch.
    - CVE-2012-1135
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted BDF font
    - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
      defined when parsing glyphs. Based on upstream patch.
    - CVE-2012-1136
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
      of array elements to prevent reading past array bounds. Based on
      upstream patch.
    - CVE-2012-1137
  * SECURITY UPDATE: Denial of service via crafted TrueType font
    - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
      invalid read from wrong memory location. Based on upstream patch.
    - CVE-2012-1138
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
      prevent reading invalid memory. Based on upstream patch.
    - CVE-2012-1139
  * SECURITY UPDATE: Denial of service via crafted PostScript font
    - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
      boundary checks. Based on upstream patch.
    - CVE-2012-1140
  * SECURITY UPDATE: Denial of service via crafted BDF font
    - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
      to prevent invalid read. Based on upstream patch.
    - CVE-2012-1141
  * SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
    - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
      on first and last character code fields. Based on upstream patch.
    - CVE-2012-1142
  * SECURITY UPDATE: Denial of service via crafted font
    - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
      zero when dealing with 32 bit types. Based on upstream patch.
    - CVE-2012-1143
  * SECURITY UPDATE: Denial of service and arbitrary code execution via
    crafted TrueType font
    - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
      on the first glyph outline point value. Based on upstream patch.
    - CVE-2012-1144
 -- Tyler Hicks <email address hidden>   Fri, 23 Mar 2012 12:13:46 -0500

Upload details

Uploaded by:
Tyler Hicks
Sponsored by:
Jamie Strandboge
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
freetype_2.4.8.orig.tar.gz 1.7 MiB 69b8e431c44a380f178bf82cc3635340bcd0c029abba3a55db69a8a91d543211
freetype_2.4.8-1ubuntu1.diff.gz 41.7 KiB 7e8e733a0365623dfa323e8ad2764e57032149c31511a437c4161af4519a539b
freetype_2.4.8-1ubuntu1.dsc 2.1 KiB 8eccc0acb059b9e846a4d38caf5ad467f698e9c86c9db2fd1d73991c0c64ce56

Available diffs

View changes file

Binary packages built by this source

freetype2-demos: FreeType 2 demonstration programs

 This package contains some demonstration programs and utilities
 which showcase the features of the FreeType 2 font engine.

libfreetype6: FreeType 2 font engine, shared library files

 The FreeType project is a team of volunteers who develop free,
 portable and high-quality software solutions for digital typography.
 They specifically target embedded systems and focus on bringing small,
 efficient and ubiquitous products.
 .
 The FreeType 2 library is their new software font engine. It has been
 designed to provide the following important features:
  * A universal and simple API to manage font files
  * Support for several font formats through loadable modules
  * High-quality anti-aliasing
  * High portability & performance
 .
 Supported font formats include:
  * TrueType files (.ttf) and collections (.ttc)
  * Type 1 font files both in ASCII (.pfa) or binary (.pfb) format
  * Type 1 Multiple Master fonts. The FreeType 2 API also provides
    routines to manage design instances easily
  * Type 1 CID-keyed fonts
  * OpenType/CFF (.otf) fonts
  * CFF/Type 2 fonts
  * Adobe CEF fonts (.cef), used to embed fonts in SVG documents with
    the Adobe SVG viewer plugin.
  * Windows FNT/FON bitmap fonts
 .
 This package contains the files needed to run programs that use the
 FreeType 2 library.
 .
  Home Page: http://www.freetype.org/
  Authors: David Turner <david.turner@freetype.org>
           Robert Wilhelm <robert.wilhelm@freetype.org>
           Werner Lemberg <werner.lemberg@freetype.org>

libfreetype6-dev: FreeType 2 font engine, development files

 The FreeType project is a team of volunteers who develop free,
 portable and high-quality software solutions for digital typography.
 They specifically target embedded systems and focus on bringing small,
 efficient and ubiquitous products.
 .
 This package contains all supplementary files (static library, headers
 and documentation) you need to develop your own programs using the
 FreeType 2 library.

libfreetype6-udeb: FreeType 2 font engine for the debian-installer

 The FreeType project is a team of volunteers who develop free,
 portable and high-quality software solutions for digital typography.
 They specifically target embedded systems and focus on bringing small,
 efficient and ubiquitous products.
 .
 This is the udeb package for use with the debian-installer.