[util-issues] [Issue 101560] integer overflows in free type

Tue, 05 May 2009 02:38:11 -0700 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=101560
                 Issue #|101560
                 Summary|integer overflows in freetype
               Component|utilities
                 Version|OOO310m11
                Platform|All
                     URL|http://lists.debian.org/debian-security-announce/2009/
                        |msg00095.html
              OS/Version|All
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P2
            Subcomponent|code
             Assigned to|mh
             Reported by|rene





------- Additional comments from r...@openoffice.org Tue May  5 09:38:07 +0000 
2009 -------
--- snip ---
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1784-1                    secur...@debian.org
http://www.debian.org/security/                                 Nico Golde
April 30th, 2009                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : freetype
Vulnerability  : integer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2009-0946


Tavis Ormandy discovered several integer overflows in FreeType, a library
to process and access font files, resulting in heap- or stack-based
buffer overflows leading to application crashes or the execution
of arbitrary code via a crafted font file.


For the oldstable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch4.

For the stable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.3.9-4.1.
--- snip ---

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@util.openoffice.org
For additional commands, e-mail: issues-h...@util.openoffice.org


---------------------------------------------------------------------
To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org
For additional commands, e-mail: allbugs-h...@openoffice.org

Reply via email to