Control: tags 856971 + pending

Dear maintainer,

I've prepared an NMU for freetype (versioned as 2.6.3-3.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer or if I can reschedule it to upload earlier.

Regards,
Salvatore

diff -u freetype-2.6.3/debian/changelog freetype-2.6.3/debian/changelog --- freetype-2.6.3/debian/changelog +++ freetype-2.6.3/debian/changelog @@ -1,3 +1,12 @@ +freetype (2.6.3-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2016-10244: Heap-buffer-overflow + src/type1/t1load.c (parse_charstrings): Reject fonts that don't contain + glyph names. (Closes: #856971) + + -- Salvatore Bonaccorso <car...@debian.org> Thu, 30 Mar 2017 19:16:33 +0200 + freetype (2.6.3-3) unstable; urgency=medium * Install the now-available-upstream manpages for freetype-demos. diff -u freetype-2.6.3/debian/patches-freetype/series freetype-2.6.3/debian/patches-freetype/series --- freetype-2.6.3/debian/patches-freetype/series +++ freetype-2.6.3/debian/patches-freetype/series @@ -5,0 +6 @@ +CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch only in patch2: unchanged: --- freetype-2.6.3.orig/debian/patches-freetype/CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch +++ freetype-2.6.3/debian/patches-freetype/CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch @@ -0,0 +1,33 @@ +From a660e3de422731b94d4a134d27555430cbb6fb39 Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <w...@gnu.org> +Date: Fri, 26 Aug 2016 00:23:27 +0200 +Subject: [PATCH] [type1] Fix heap buffer overflow. + +Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 + +* src/type1/t1load.c (parse_charstrings): Reject fonts that don't +contain glyph names. +--- + +diff --git a/src/type1/t1load.c b/src/type1/t1load.c +index c981adcf..f8bf3132 100644 +--- a/src/type1/t1load.c ++++ b/src/type1/t1load.c +@@ -1776,6 +1776,12 @@ + } + } + ++ if ( !n ) ++ { ++ error = FT_THROW( Invalid_File_Format ); ++ goto Fail; ++ } ++ + loader->num_glyphs = n; + + /* if /.notdef is found but does not occupy index 0, do our magic. */ +-- +2.11.0 +
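
Review bot: the header of the new debian/patches-freetype/CVE-2016-10244-type1-Fix-heap-buffer-overflow.patch has no DEP-3 fields tying it to the Debian bug. The git "From a660e3de..." line and the oss-fuzz link identify the upstream side, but the only reference to #856971 is in debian/changelog. Adding an "Origin: upstream" line that repeats the commit id and a "Bug-Debian:" line for #856971 between the commit message and the "---" separator would let the patch be traced without reading the changelog.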
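
Review bot: in the src/type1/t1load.c hunk, the new "if ( !n )" branch has no comment, so the reason a zero count is fatal is recorded only in the commit message ("Reject fonts that don't contain glyph names"). A one-line comment above the check would keep that reason next to the code, since the lines that follow store n in loader->num_glyphs and then go on to the /.notdef handling. The branch leaves through "goto Fail", and the Fail label is outside the visible context, so it is worth confirming that it releases whatever parse_charstrings has already allocated by this point.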