Bug#592399: marked as done (libfreetype6: Upstream fixed stack overflow; new Version 2.4.2 released)

Tue, 10 Aug 2010 18:21:23 -0700 

Your message dated Wed, 11 Aug 2010 01:17:21 +0000
with message-id <e1oizwx-00067a...@franck.debian.org>
and subject line Bug#592399: fixed in freetype 2.4.2-1
has caused the Debian Bug report #592399,
regarding libfreetype6: Upstream fixed stack overflow; new Version 2.4.2 
released
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
592399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592399
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Subject: libfreetype6: Upstream fixed stack overflow in interpreter
Package: libfreetype6
Version: 2.4.0-2
Severity: important

"CHANGES BETWEEN 2.4.1 and 2.4.2

  I. IMPORTANT BUG FIXES

    - A stack overflow in CFF Type2 CharStrings interpreter is fixed.

    - Handling Type 42 font deallocation was broken; additionally, the
      library is now more robust against malformed Type 42 fonts.


  II. MISCELLANEOUS

    - Two new functions,  `FT_Reference_Library' (in FT_MODULE_H)  and
      `FT_Reference_Face'  (in  FT_FREETYPE_H),  have  been  added  to
      simplify life-cycle management.  A counter gets initialized to 1
      at the  time an  FT_Library (or  FT_Face) structure  is created.
      The  two  new   functions  increment  the  respective   counter.
      `FT_Done_Library' and `FT_Done_Face' then only destroy a library
      or face if the counter is 1, otherwise they simply decrement the
      counter."





-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-0.slh.9-sidux-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libfreetype6 depends on:
ii  libc6                   2.11.2-2         Embedded GNU C Library:
Shared lib
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

--- End Message ---
--- Begin Message --- 
Source: freetype
Source-Version: 2.4.2-1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.2-1_amd64.deb
  to main/f/freetype/freetype2-demos_2.4.2-1_amd64.deb
freetype_2.4.2-1.diff.gz
  to main/f/freetype/freetype_2.4.2-1.diff.gz
freetype_2.4.2-1.dsc
  to main/f/freetype/freetype_2.4.2-1.dsc
freetype_2.4.2.orig.tar.gz
  to main/f/freetype/freetype_2.4.2.orig.tar.gz
libfreetype6-dev_2.4.2-1_amd64.deb
  to main/f/freetype/libfreetype6-dev_2.4.2-1_amd64.deb
libfreetype6-udeb_2.4.2-1_amd64.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.2-1_amd64.udeb
libfreetype6_2.4.2-1_amd64.deb
  to main/f/freetype/libfreetype6_2.4.2-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 592...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vor...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 10 Aug 2010 00:19:04 -0700
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.4.2-1
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Steve Langasek <vor...@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 592399
Changes: 
 freetype (2.4.2-1) unstable; urgency=high
 .
   * New upstream release
     - High urgency upload for RC security bugfix.
     - Corrects a stack overflow in the interpreter for CFF fonts
       (CVE-2010-1797).  Closes: #592399.
     - drop debian/patches-freetype/opentype-missing-glyphs, included
       upstream.
   * Update libfreetype6.symbols for two new functions.
Checksums-Sha1: 
 d31f3eadc730c440651aaa4eb13a4a6e6372b84e 1823 freetype_2.4.2-1.dsc
 d83cec6d0ec900e076a722fc36e0aebbbf23f46c 1698742 freetype_2.4.2.orig.tar.gz
 d28a96c06074962a35d6f4629090cf28a0d3fe4d 35572 freetype_2.4.2-1.diff.gz
 30ca07dafe2d547901d3ee01632d9266d80014ec 376294 libfreetype6_2.4.2-1_amd64.deb
 4cdc26449f07cc04681710c016b58c6fbcaa2eb2 748086 
libfreetype6-dev_2.4.2-1_amd64.deb
 a8c72f6c4dcffaa8b1765ead81fe4c10abdac012 221080 
freetype2-demos_2.4.2-1_amd64.deb
 2b11cf14841f6b75158fe951e11e6f86edce108f 282544 
libfreetype6-udeb_2.4.2-1_amd64.udeb
Checksums-Sha256: 
 6a496549888c584df283e2726e4d14937aa290774d77186a0dc960bf40d72e7b 1823 
freetype_2.4.2-1.dsc
 412f2a071c17562efd6d095a1c52f39036d36ef2c490bf7c1104f83329247f2e 1698742 
freetype_2.4.2.orig.tar.gz
 38d5910c07e48adba7645ad4ab15b5de405c6f5807f18008b60baf0f1c0bc1a3 35572 
freetype_2.4.2-1.diff.gz
 08533925a9d45fcb60051cf0d43872a312bee73ba77c8a07bfbd617bbd45360f 376294 
libfreetype6_2.4.2-1_amd64.deb
 2edd32d2bf547089aea6c19a44625cf62bfbc7198f80462c5f64ce2521d19546 748086 
libfreetype6-dev_2.4.2-1_amd64.deb
 c585be509644e8c6d86c31134cc5cd019a91b9fb699d7073a413d6a9e962638b 221080 
freetype2-demos_2.4.2-1_amd64.deb
 685307c07c71c8c60353baf0e7bb621e0c062a09645c84d558bfa5ca43a94d9e 282544 
libfreetype6-udeb_2.4.2-1_amd64.udeb
Files: 
 0dcffa4cbb5fbf192a16f0f761bf323c 1823 libs optional freetype_2.4.2-1.dsc
 291045832ef23f34acc8cca7bd0ab834 1698742 libs optional 
freetype_2.4.2.orig.tar.gz
 f7a705cfbfdf829943f682165f9dd47e 35572 libs optional freetype_2.4.2-1.diff.gz
 2248b3af27849946fd3e129ad5209594 376294 libs optional 
libfreetype6_2.4.2-1_amd64.deb
 52bb8bb1c69127582e874ca5e10ca3b6 748086 libdevel optional 
libfreetype6-dev_2.4.2-1_amd64.deb
 7dabcbd496000684a49dbc08f4a8b691 221080 utils optional 
freetype2-demos_2.4.2-1_amd64.deb
 ad7c9cd8df5c7f46d04b4a18786a34f3 282544 debian-installer extra 
libfreetype6-udeb_2.4.2-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTGH3jVaNMPMhshM9AQiomg//QfD0pX0o8tCMm/FRuGUzaeLEgpiq/zFE
snnRI7qRdv7Q3IEJImhHImysAEw/OMt+8wn0d0hfxe3cGJUPprt0JwuLGcqzh5VZ
1DafTYV9cL+F+WXSHvIS233l0HzeCEf9Ji+NRFhOvR4mbLUldrhFijQWBu1kApp4
/QMzJhkdIHaftllO2SPc1knOcoU+JxUa7h/5Xv/Uc0jQ5PL75N5h2N4nepbP7aK2
zcoaWF2bs5TmrDerfMyCv4PE7enj7r5ku3DlpzxCmiyxSCn2w3++SUdMcrvHjL26
sMlxh1bOgnedZC+WcB0oOsfyyeDnWHQkiDy2dHIp7E9cvHpxU4kLLlkAVQz6aHUf
XAY+Y8Cf11kWutwY7EeUrQFI0mmCKcXZ2585O2BgEmZbXigImomb0R0W2s1o5kNR
szAKrOzSaQAl9YZImljExFGXyrTe+w0MGAEAEjPWi2N2yCz1BLPH+DQF2Jd22p8L
pjAAcA2+pX+fcghASsHpcVpgBxolQO7LJc/xhhqLzaTEVNlvQMiVuC98uAlQ/5oX
ooknNlep0+lEsFKXPZlrkyP4aBKA2g1rYxbzJ9SbIlYCDJD4NXSwqNiZ2qMQ88E6
kO+dNdiHwlc4tjJkU2hxQUDBG6MznWIIym9mKs/+hJoTWh21Vi8tg8OqmZMJIfL1
PSJidPZTQdU=
=y10x
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to