Your message dated Thu, 27 Apr 2023 21:38:50 +0200
with message-id <8dd0a695-32f3-4162-4ea9-c9ee0b8a9...@debian.org>
and subject line Re: Bug#1034634: unblock: freetype/2.12.1+dfsg-5
has caused the Debian Bug report #1034634,
regarding unblock: freetype/2.12.1+dfsg-5
to be marked a
Paul Gevers (2023-04-27):
> This is currently udeb blocked, so I now realize I should have pinged
> you.
No worries, the udeb block is here so that we don't have to worry. :)
> I approved this from our side, can you confirm that after RC2 it's OK
> for d-i too?
It looks fine to me, it can get
to the overflow.
[ Tests ]
Chromium's OSS-Fuzz project regularly fuzzes the FreeType source. After the
upstream fix was applied, the vulnerability was fixed.
[ Risks ]
The patch is non-invasive and very small.
unblock freetype/2.12.1+dfsg-5
This is currently udeb blocked, so I now realize I
Processing control commands:
> tags -1 d-i
Bug #1034634 [release.debian.org] unblock: freetype/2.12.1+dfsg-5
Added tag(s) d-i.
--
1034634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 confirmed moreinfo
On 20-04-2023 13:47, Hugh McMaster wrote:
An integer overflow vulnerability was discovered in FreeType (specifically, the
tt_hvadvance_adjust() function). This is CVE-2023-2004.
Please go ahead and remove the moreinfo tag once the package has been
Processing control commands:
> tags -1 confirmed moreinfo
Bug #1034634 [release.debian.org] unblock: freetype/2.12.1+dfsg-5
Added tag(s) confirmed and moreinfo.
--
1034634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034634
Debian Bug Tracking System
Contact ow...@bugs.debian.
.
[ Risks ]
The patch is non-invasive and very small.
[ Checklist ]
[ x ] all changes are documented in the d/changelog
[ x ] I reviewed all changes and I approve them
[ x ] attach debdiff against the package in testing
unblock freetype/2.12.1+dfsg-5
diff -Nru freetype-2.12.1+dfsg/debian
Processing control commands:
> affects -1 + src:freetype
Bug #1034634 [release.debian.org] unblock: freetype/2.12.1+dfsg-5
Added indication that 1034634 affects src:freetype
--
1034634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034634
Debian Bug Tracking System
Contact
Your message dated Mon, 01 May 2017 16:41:00 +
with message-id <4b576db8-7aa4-7c59-f747-db56f3230...@thykier.net>
and subject line Re: Bug#861526: unblock: freetype/2.6.3-3.2
has caused the Debian Bug report #861526,
regarding unblock: freetype/2.6.3-3.2
to be marked as done.
This
Salvatore Bonaccorso (2017-04-30):
> Please unblock package freetype. It actually has already but it needs
> an ack as well for d-i.
>
> The update fixes two CVEs,
>
> - CVE-2017-8105, #861220
No regressions spotted with various languages, ACK.
KiBi.
signature.asc
and adressed in a DSA for stable. Would thus be great to have the
fixes as well in stretch to avoid a regression.
unblock freetype/2.6.3-3.2
Regards,
Salvatore
diff -u freetype-2.6.3/debian/changelog freetype-2.6.3/debian/changelog
--- freetype-2.6.3/debian/changelog
+++ freetype-2.6.3/debian/changelog
Your message dated Wed, 05 Apr 2017 14:24:00 +
with message-id <ee33b1cc-089b-9579-1b88-b9c61e4ba...@thykier.net>
and subject line Re: Bug#859625: unblock: freetype/2.6.3-3.1
has caused the Debian Bug report #859625,
regarding unblock: freetype/2.6.3-3.1
to be marked as done.
This
Niels Thykier (2017-04-05):
> Salvatore Bonaccorso:
> > Please unblock package freetype
> >
> > The update fixes CVE-2016-10244, tracked as #856971.
> >
> > The parse_charstrings function in does not ensure that a font contains
> > a glyph name, which allows remote attackers
rstrings function in does not ensure that a font contains
> a glyph name, which allows remote attackers to cause a denial of
> service via a crafted file.
>
> Does not warrant a DSA for stable, but would be nice to have it
> already fixed for stretch.
>
> Needs a d-i 'ack' i
remote attackers to cause a denial of
service via a crafted file.
Does not warrant a DSA for stable, but would be nice to have it
already fixed for stretch.
Needs a d-i 'ack' if accepted.
unblock freetype/2.6.3-3.1
Attached debdiff against the version in stretch.
Regards,
Salvatore
-- System
Your message dated Thu, 5 Mar 2015 12:04:42 +0100
with message-id 20150305110442.ga1...@betterave.cristau.org
and subject line Re: Bug#779656: unblock: freetype/2.5.2-3
has caused the Debian Bug report #779656,
regarding unblock: freetype/2.5.2-3
to be marked as done.
This means that you claim
Processing control commands:
tag -1 confirmed
Bug #779656 [release.debian.org] unblock: freetype/2.5.2-3
Added tag(s) confirmed.
--
779656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
To UNSUBSCRIBE, email
@packages.debian.org
Usertags: unblock
Please unblock package freetype. It fixes multiple security issues.
unblock freetype/2.5.2-3
unblocked, but needs kibi-ack for the udeb.
I haven't anything any obvious regressions while toying around with
various languages/fonts within d-i, so
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package freetype. It fixes multiple security issues.
unblock freetype/2.5.2-3
Debdiff:
diff -u freetype-2.5.2/debian/changelog freetype-2.5.2/debian/changelog
--- freetype
lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie
jessie-ignore stretch stretch-ignore buster buster-ignore.
Bug #779656 [release.debian.org] unblock: freetype/2.5.2-3
Requested to add no tags; doing nothing.
tag -1 + d-i
Bug #779656 [release.debian.org] unblock: freetype
.
unblock freetype/2.5.2-3
unblocked, but needs kibi-ack for the udeb.
Cheers,
Julien
signature.asc
Description: Digital signature
the full debdiff against the current version in
testing.
unblock freetype/2.4.9-1.1
Many thanks for your work, and
Regards,
Salvatore
Base version: freetype_2.4.9-1 from testing
Target version: freetype_2.4.9-1.1 from unstable
Hints in place:
== freeze
# These udebs can be handled directly by britney
Processing control commands:
tags -1 + confirmed d-i
Bug #696918 [release.debian.org] unblock: freetype/2.4.9-1.1
Added tag(s) d-i and confirmed.
--
696918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696918
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 + confirmed d-i
On Sat, 2012-12-29 at 12:51 +0100, Salvatore Bonaccorso wrote:
Please unblock package freetype (but we can wait first the two day
period to have the changes in unstable witouh an already granted
unblock).
The upload fixes three CVEs for freetype, see
Hello,
Adam D. Barratt a...@adam-barratt.org.uk (29/12/2012):
Yep. Unblocked pending the ack; thanks.
no obvious breakages after a few tests, so: d-i ack.
Mraw,
KiBi.
signature.asc
Description: Digital signature
Your message dated Sun, 30 Dec 2012 00:04:53 +
with message-id 1356825893.4281.25.ca...@jacala.jungle.funky-badger.org
and subject line Re: Bug#696918: unblock: freetype/2.4.9-1.1
has caused the Debian Bug report #696918,
regarding unblock: freetype/2.4.9-1.1
to be marked as done.
This means
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package freetype. It fixes CVE-2010-3855 and
CVE-2010-3814.
unblock freetype/2.4.2-2.1
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT
Your message dated Thu, 18 Nov 2010 22:58:23 +0100
with message-id 20101118215823.gl5...@radis.liafa.jussieu.fr
and subject line Re: Bug#603954: unblock: freetype/2.4.2-2.1
has caused the Debian Bug report #603954,
regarding unblock: freetype/2.4.2-2.1
to be marked as done.
This means that you
On Mon, 2009-08-10 at 15:09 +0800, Paul Wise wrote:
Would it be appropriate to unblock freetype, cairo and pango1.0? All
three seem to be frozen due to udebs (debian-boot CCed).
Unblocking them's not a problem, although I'd prefer an ack (or at least
a moo) from the maintainers.
Cheers,
Adam
On Fri, 2009-08-14 at 20:35 +0100, Adam D. Barratt wrote:
On Mon, 2009-08-10 at 15:09 +0800, Paul Wise wrote:
Would it be appropriate to unblock freetype, cairo and pango1.0? All
three seem to be frozen due to udebs (debian-boot CCed).
Unblocking them's not a problem, although I'd prefer
Hi,
Would it be appropriate to unblock freetype, cairo and pango1.0? All
three seem to be frozen due to udebs (debian-boot CCed).
--
bye,
pabs
http://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
Hi,
can you please unblock freetype as it fixes various integer
overflow?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpjAAsLmB5tg.pgp
Description: PGP signature
Nico Golde wrote:
Hi,
can you please unblock freetype as it fixes various integer
overflow?
unblocked
Cheers
Luk
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi,
freetype 2.3.9-4 is ready to go into testing, but it includes a udeb.
debian-boot, is this ok to update?
Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer
Steve Langasek wrote:
Hi,
freetype 2.3.9-4 is ready to go into testing, but it includes a udeb.
debian-boot, is this ok to update?
unblocked
Cheers
Luk
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
35 matches
Mail list logo