Your message dated Sat, 7 Jul 2007 15:59:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#432013: freetype: CVE-2007-3506: memory buffer overwrite bug
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: freetype
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2007-3506 [0]:

The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
2.3.3 allows context-dependent attackers to cause a denial of service
and possibly execute arbitrary code via unspecified vectors involving
bitmap fonts, related to a "memory buffer overwrite bug."

This vulnerability may allow access to the accounts of users who use the
package.  The original bug report [1] provides instructions on how to
reproduce the issue, but I have been unable to do so.  The CVE links to
a patch from freetype's CVS [2]; the code appears to have changed
between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
in ftbitmap.c the offending code exists (if at all).

If this does turn out to affect Debian's version, please note the CVE in
the changelog.

Thanks,

Alec

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506
[1] http://savannah.nongnu.org/bugs/index.php?19536
[2] http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18&diff_format=u

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjnKrAud/2YgchcQRAp2sAJ4mMhM+ovCOQ+PczjdsL5AjB+PzFACgjGJu
xU+tJZN4TvZ6hShfJm1o0RA=
=GVM+
-----END PGP SIGNATURE-----


--- End Message ---
--- Begin Message ---
Hi Alec,

On Fri, Jul 06, 2007 at 11:49:47AM -0500, Alec Berryman wrote:
> The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
> 2.3.3 allows context-dependent attackers to cause a denial of service
> and possibly execute arbitrary code via unspecified vectors involving
> bitmap fonts, related to a "memory buffer overwrite bug."

> This vulnerability may allow access to the accounts of users who use the
> package.  The original bug report [1] provides instructions on how to
> reproduce the issue, but I have been unable to do so.  The CVE links to
> a patch from freetype's CVS [2]; the code appears to have changed
> between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
> in ftbitmap.c the offending code exists (if at all).

Thank you for the report.  I have reviewed the code in question, and am
confident that the vulnerability does not exist in Freetype 2.2.1, having
been introduced in a later reorganization of the ftbitmap.c code.  I'm
therefore closing this report, as no action is necessary for the Debian
packages.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

--- End Message ---
