On Thu, Dec 22, 2011 at 11:54 AM, Tyler Hicks <tyhi...@canonical.com> wrote:
> Package: t1lib
> Version: 5.1.2-3
> Severity: grave
> Tags: patch security
> Justification: user security hole
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu precise ubuntu-patch
>
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764
>
> In Ubuntu, the attached patch was applied to achieve the following:
>
> Prevents an invalid pointer from being dereferenced when using a
> maliciously crafted font.
>
>  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
>    - lib/type1/type1.c: Only use ppoints when it is a valid pointer
>    - CVE-2011-0764

Hi,

Thanks for sending the patch this way.  Do you have any idea how this
CVE relates to CVE-2011-1552 through CVE-2011-1554 [0]?  According to
mitre's description they are all "different vulnerability than
CVE-2011-0764", but then the only useful reference is a link to the
CVE-2011-0764 toucan advisory.

Best wishes,
Mike

[0] http://security-tracker.debian.org/tracker/source-package/t1lib


