Your message dated Thu, 18 Nov 2010 20:48:10 +0000
with message-id <e1pjbos-0004qh...@franck.debian.org>
and subject line Bug#602221: fixed in freetype 2.4.2-2.1
has caused the Debian Bug report #602221,
regarding freetype: CVE-2010-3855 and CVE-2010-3814
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
602221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: freetype
Severity: grave
Tags: security
Justification: user security hole

Two security issues have been fixed in freetype, at least the first
should allow code injection:

CVE-2010-3855:
https://savannah.nongnu.org/bugs/?31310
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a

CVE-2010-3814:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs16-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)



--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.4.2-2.1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.2-2.1_i386.deb
  to main/f/freetype/freetype2-demos_2.4.2-2.1_i386.deb
freetype_2.4.2-2.1.diff.gz
  to main/f/freetype/freetype_2.4.2-2.1.diff.gz
freetype_2.4.2-2.1.dsc
  to main/f/freetype/freetype_2.4.2-2.1.dsc
libfreetype6-dev_2.4.2-2.1_i386.deb
  to main/f/freetype/libfreetype6-dev_2.4.2-2.1_i386.deb
libfreetype6-udeb_2.4.2-2.1_i386.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.2-2.1_i386.udeb
libfreetype6_2.4.2-2.1_i386.deb
  to main/f/freetype/libfreetype6_2.4.2-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 602...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <j...@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 18 Nov 2010 21:16:12 +0100
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source i386
Version: 2.4.2-2.1
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Moritz Muehlenhoff <j...@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 602221
Changes: 
 freetype (2.4.2-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2010-3855 and CVE-2010-3814 (Closes: #602221)
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzliqgACgkQXm3vHE4uylpZKQCfeOZ2nzkeVfT5nmso4//asrKl
GKYAoMuTZRa01FNFVu4sUzSCaweel/DE
=2dZq
-----END PGP SIGNATURE-----



--- End Message ---
