On Fri, Jul 07, 2006 at 08:42:59PM +0200, Martin Schulze wrote:

> Steve Langasek wrote:
> > As mentioned earlier this month, a regression was found in the freetype
> > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash
> > with division-by-zero errors.  I've prepared a maintainer upload to fix
> > this regression using the patch from bug #373581, which can be found at
> > <http://people.debian.org/~vorlon/freetype-DSA/>.

> Are you sure this is the proper fix?

> -+    if ((FT_ULong)pitch > LONG_MAX/height)
> ++    if (height != 0 && (FT_ULong)pitch > LONG_MAX/height)
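Review bot: on the `++` line the added `height != 0 &&` only sidesteps the division; a zero height is then accepted and reaches the `pitch * height` allocation mentioned below with a size of 0, so the guard avoids the trap without rejecting the degenerate bitmap. If a zero-sized bitmap should be refused, the `height <= 0 ||` form proposed in this reply is the stricter check, and the `<= 0` also keeps a negative height from being divided into `LONG_MAX`: because `(FT_ULong)pitch` is unsigned, a negative quotient `LONG_MAX/height` would be converted to a large unsigned value for the comparison and let the overflow test pass.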

It appears to be a correct fix for the regression that has been reported.

> I'd rather make it read:

>     if (height <= 0 || (FT_ULong)pitch > LONG_MAX/height)

> because later we have "pitch * height" which will result in a malloc
> of zero.

This 'pitch * height' is pre-existing code in 2.1.7-2.4 and users report no
problems with OOo running against that version of freetype.  I have not
traced the code to determine whether changing the returned error in the case
of a height of 0 has any side effects; given that there are no previous
complaints about height==0, I don't think this is a change that needs to be
made in a security update.

> The package contains changes to debootstrap.log that should
> not be there btw.

Hmm, so it does.  I've re-rolled the package to drop this spurious change
and am re-uploading it now.

On Fri, Jul 07, 2006 at 08:44:22PM +0200, Martin Schulze wrote:
> Steve Langasek wrote:
> > On Mon, Jun 26, 2006 at 08:36:07AM +0100, Steve Kemp wrote:
> > > On Sun, Jun 25, 2006 at 03:09:51PM -0700, Steve Langasek wrote:
> > 
> > > > As mentioned earlier this month, a regression was found in the freetype
> > > > 2.1.7-2.5 package uploaded for DSA-1095 which caused applications to crash
> > > > with division-by-zero errors.  I've prepared a maintainer upload to fix
> > > > this regression using the patch from bug #373581, which can be found at
> > > > <http://people.debian.org/~vorlon/freetype-DSA/>.
> > 
> > > > Can I upload this to security.d.o for a revised DSA?
> > 
> > >   Yes, please do.

> > Uploaded.

> Btw. where?  I can't see it.

Successfully uploaded freetype_2.1.7-3.dsc to security-master.debian.org.
Successfully uploaded freetype_2.1.7-3.diff.gz to security-master.debian.org.
Successfully uploaded libfreetype6_2.1.7-3_i386.deb to security-master.debian.org.
Successfully uploaded libfreetype6-dev_2.1.7-3_i386.deb to security-master.debian.org.
Successfully uploaded freetype2-demos_2.1.7-3_i386.deb to security-master.debian.org.
Successfully uploaded libfreetype6-udeb_2.1.7-3_i386.udeb to security-master.debian.org.
Successfully uploaded freetype_2.1.7-3_i386.changes to security-master.debian.org.

This was done with distribution=stable-security.  Hopefully the second try
won't disappear also...

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
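The two guards discussed in this thread, worked through as an added example that is not FreeType's code and not part of the original mail. The function names `guard_nonzero`, `guard_positive` and `alloc_size_after` are invented for the illustration, `unsigned long` stands in for `FT_ULong`, and the sample (pitch, height) pairs are constructed. The point it makes visible is the edge case the reply argues about: the hunk's `height != 0 &&` guard accepts a zero (or negative) height and lets the later `pitch * height` request a zero-byte (or wrapped) allocation, while the proposed `height <= 0 ||` form rejects both; both guards reject a product that would exceed `LONG_MAX`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Guard from the quoted hunk: skip the division when height is 0, otherwise
 * refuse any pitch whose product with height would exceed LONG_MAX.  The cast
 * on the right mirrors what C does implicitly in `(FT_ULong)pitch >
 * LONG_MAX/height`: the signed quotient is converted to unsigned long before
 * the comparison, so a negative quotient compares as a huge value.
 * Returns 1 if the pair is accepted, 0 if rejected.  (Hypothetical name.) */
int guard_nonzero(long pitch, long height)
{
    if (height != 0 && (unsigned long)pitch > (unsigned long)(LONG_MAX / height))
        return 0;
    return 1;
}

/* Guard proposed in the thread: reject height <= 0 outright, then run the same
 * overflow test.  Returns 1 if accepted, 0 if rejected.  (Hypothetical name.) */
int guard_positive(long pitch, long height)
{
    if (height <= 0 || (unsigned long)pitch > (unsigned long)(LONG_MAX / height))
        return 0;
    return 1;
}

/* Apply a guard and, if it accepts, compute the byte count that the later
 * `pitch * height` would hand to malloc, done in size_t as malloc's argument
 * would be.  Returns 1 and stores the size when accepted, 0 when rejected. */
int alloc_size_after(int (*guard)(long, long), long pitch, long height, size_t *bytes)
{
    if (!guard(pitch, height))
        return 0;
    *bytes = (size_t)pitch * (size_t)height;
    return 1;
}

/* Walkthrough over constructed inputs: an ordinary bitmap, a zero height, a
 * negative height, and a pitch large enough to overflow the product. */
int main(void)
{
    const long cases[][2] = { { 64, 32 }, { 64, 0 }, { 64, -1 }, { LONG_MAX, 2 } };
    size_t n = sizeof cases / sizeof cases[0];

    for (size_t i = 0; i < n; i++) {
        long pitch = cases[i][0], height = cases[i][1];
        size_t bytes;
        int a = alloc_size_after(guard_nonzero, pitch, height, &bytes);
        printf("hunk guard   (height != 0): pitch=%ld height=%ld -> %s",
               pitch, height, a ? "accept" : "reject");
        if (a) printf(", malloc(%zu)", bytes);
        printf("\n");

        int b = alloc_size_after(guard_positive, pitch, height, &bytes);
        printf("thread guard (height <= 0): pitch=%ld height=%ld -> %s",
               pitch, height, b ? "accept" : "reject");
        if (b) printf(", malloc(%zu)", bytes);
        printf("\n");
    }
    return 0;
}
```

Running it shows the zero-height row accepted by the hunk's guard with `malloc(0)`, and the negative-height row accepted by it with a size that has wrapped around in `size_t`, while the thread's guard rejects both rows; the `LONG_MAX` row is rejected by both.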
