Your message dated Sun, 24 May 2009 13:54:10 +0000
with message-id <e1m8e9s-00036i...@ries.debian.org>
and subject line Bug#524925: fixed in freetype 2.3.7-2+lenny1
has caused the Debian Bug report #524925,
regarding freetype: multiple integer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
524925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for freetype.

CVE-2009-0946[0]:
| Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
| attackers to execute arbitrary code via vectors related to large
| values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
| and (3) cff/cffload.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The upstream patches for this are:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

I can provide test-cases for these bugs in private if you need them.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
    http://security-tracker.debian.net/tracker/CVE-2009-0946

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.3.7-2+lenny1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.3.7-2+lenny1_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_i386.deb
freetype_2.3.7-2+lenny1.diff.gz
  to pool/main/f/freetype/freetype_2.3.7-2+lenny1.diff.gz
freetype_2.3.7-2+lenny1.dsc
  to pool/main/f/freetype/freetype_2.3.7-2+lenny1.dsc
libfreetype6-dev_2.3.7-2+lenny1_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_i386.deb
libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb
libfreetype6_2.3.7-2+lenny1_i386.deb
  to pool/main/f/freetype/libfreetype6_2.3.7-2+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 524...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)



Format: 1.8
Date: Wed, 29 Apr 2009 15:09:46 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source i386
Version: 2.3.7-2+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 524925
Changes: 
 freetype (2.3.7-2+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes various integer overflows in cff/cffload.c,
     smooth/ftsmooth.c and sfnt/ttcmap.c leading to arbitrary code
     execution or denial of service via a crafted font file
     (CVE-2009-0946; Closes: #524925).
Package-Type: udeb




--- End Message ---
