Your message dated Sat, 24 Mar 2012 23:47:58 +0000
with message-id <e1sbagg-0002wd...@franck.debian.org>
and subject line Bug#662864: fixed in freetype 2.4.9-1
has caused the Debian Bug report #662864,
regarding freetype: multiple vulnerabilities in freetype before 2.4.9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
662864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Severity: grave
Tags: security
Justification: user security hole

Hi,

several vulnerabilities were found in freetype and were fixed in 2.4.9.

A summary can be found in the oss-sec thread starting at
http://www.openwall.com/lists/oss-security/2012/03/06/13 and followups.

Could you prepare an update for the various affected suites?

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.4.9-1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.9-1_amd64.deb
  to main/f/freetype/freetype2-demos_2.4.9-1_amd64.deb
freetype_2.4.9-1.diff.gz
  to main/f/freetype/freetype_2.4.9-1.diff.gz
freetype_2.4.9-1.dsc
  to main/f/freetype/freetype_2.4.9-1.dsc
freetype_2.4.9.orig.tar.gz
  to main/f/freetype/freetype_2.4.9.orig.tar.gz
libfreetype6-dev_2.4.9-1_amd64.deb
  to main/f/freetype/libfreetype6-dev_2.4.9-1_amd64.deb
libfreetype6-udeb_2.4.9-1_amd64.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.9-1_amd64.udeb
libfreetype6_2.4.9-1_amd64.deb
  to main/f/freetype/libfreetype6_2.4.9-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 662...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vor...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 24 Mar 2012 23:35:16 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.4.9-1
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Steve Langasek <vor...@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 617217 642059 662864 663613
Changes: 
 freetype (2.4.9-1) unstable; urgency=low
 .
   * New upstream release
     - upstream fix for multiple vulnerabilities: CVE-2012-1126,
       CVE-2012-1133, CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
       CVE-2012-1144, and others.  Closes: #662864.
     - update symbols file for a new symbol, ft_raccess_guess_table
   * debian/patches-freetype/savannah-bug-35847.patch,
     debian/patches-freetype/savannah-bug-35833.patch: pull two bugfixes from
     upstream git on top of 2.4.9, to address regressions affecting
     ghostscript.  Thanks to Till Kamppeter for pointing this out.
   * push CPPFLAGS into CFLAGS for ft2demos, so our demos will be secure.
     Closes: #663613.
   * don't let a quiltrc override our QUILT_PATCHES settings in debian/rules.
     Closes: #617217.
   * Migrate debian/copyright to copyright-format 1.0, and fix up the upstream
     URL.  Closes: #642059.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
