Your message dated Mon, 01 Jun 2009 11:47:05 +0000
with message-id <e1mb5yr-0007ts...@ries.debian.org>
and subject line Bug#524925: fixed in freetype 2.3.9-5
has caused the Debian Bug report #524925,
regarding freetype: multiple integer overflows
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
524925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for freetype.

CVE-2009-0946[0]:
| Multiple integer overflows in FreeType 2.3.9 and earlier allow remote
| attackers to execute arbitrary code via vectors related to large
| values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c,
| and (3) cff/cffload.c.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The upstream patches for this are:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

I can provide test-cases for these bugs in private if you need them.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946
    http://security-tracker.debian.net/tracker/CVE-2009-0946

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.3.9-5

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.3.9-5_amd64.deb
  to pool/main/f/freetype/freetype2-demos_2.3.9-5_amd64.deb
freetype_2.3.9-5.diff.gz
  to pool/main/f/freetype/freetype_2.3.9-5.diff.gz
freetype_2.3.9-5.dsc
  to pool/main/f/freetype/freetype_2.3.9-5.dsc
libfreetype6-dev_2.3.9-5_amd64.deb
  to pool/main/f/freetype/libfreetype6-dev_2.3.9-5_amd64.deb
libfreetype6-udeb_2.3.9-5_amd64.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.3.9-5_amd64.udeb
libfreetype6_2.3.9-5_amd64.deb
  to pool/main/f/freetype/libfreetype6_2.3.9-5_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 524...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vor...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Jun 2009 04:37:19 -0700
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.3.9-5
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Steve Langasek <vor...@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 315845 465292 524925
Changes: 
 freetype (2.3.9-5) unstable; urgency=low
 .
   * Pass proper --host/--build args to ./configure, to support
     cross-building.  Closes: #465292.
   * clean up a number of unused variables in debian/rules; maybe someday
     we'll get this package to converge on debhelper 7... :)
   * Fix the doc-base section for libfreetype6-dev.  Closes: #315845.
   * Remove one final reference to /usr/X11R6 in debian/rules.
   * Drop incorrect Replaces: freetype0, freetype1
   * Add debian/README.source, documenting the madness that is this source
     package.
   * Standards-Version to 3.8.0.
   * Fix multiple integer overflows leading to arbitrary code execution
     or DoS (CVE-2009-0946; Closes: #524925).  Thanks to Nico Golde for the
     NMU.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
