Package: freetype
Followup-For: Bug #635871

Proposed security updates.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-rc6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u freetype-2.4.2/debian/changelog freetype-2.4.2/debian/changelog
--- freetype-2.4.2/debian/changelog
+++ freetype-2.4.2/debian/changelog
@@ -1,3 +1,10 @@
+freetype (2.4.2-2.2) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2011-0226 (Closes: #635871)
+
+ -- Kan-Ru Chen <kos...@debian.org>  Wed, 03 Aug 2011 01:10:20 +0800
+
 freetype (2.4.2-2.1) unstable; urgency=medium
 
   * Non-maintainer upload by the Security Team.
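Review bot: The new 2.4.2-2.2 entry says only "Fix CVE-2011-0226" and does not name the file that carries the fix or say what it changes. Consider naming debian/patches-freetype/CVE-2011-0226.patch in the entry and noting that it rejects negative arguments to callothersubr in t1_decoder_parse_charstrings, so the changelog can be read without opening the series file.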
diff -u freetype-2.4.2/debian/patches-freetype/series freetype-2.4.2/debian/patches-freetype/series
--- freetype-2.4.2/debian/patches-freetype/series
+++ freetype-2.4.2/debian/patches-freetype/series
@@ -4,0 +5 @@
+CVE-2011-0226.patch
only in patch2:
unchanged:
--- freetype-2.4.2.orig/debian/patches-freetype/CVE-2011-0226.patch
+++ freetype-2.4.2/debian/patches-freetype/CVE-2011-0226.patch
@@ -0,0 +1,51 @@
+commit c46b1e2476cc1804c0dd25d463be3c99d58befd7
+Author: Werner Lemberg <w...@gnu.org>
+Date:   Fri Jul 8 13:46:42 2011 +0200
+
+    [psaux] Add better argument check for `callothersubr'.
+    
+    * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+    <op_callothersubr>: Reject negative arguments.
+
+commit dc33b4a1555c184b83a402dfa1856b213e6b4fbd
+Author: Алексей Подтележников <apodt...@gmail.com>
+Date:   Sun Jul 10 07:08:51 2011 +0200
+
+    [psaux] Optimize previous commit.
+    
+    * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+    <op_callothersubr>: Move error check down to avoid testing twice for
+    good cases.
+
+commit 60f8371353013e78ab0a789f49af90d64fe65f0d
+Author: Werner Lemberg <w...@gnu.org>
+Date:   Thu Jul 14 07:34:12 2011 +0200
+
+    * src/psaux/t1decode.c (t1_decoder_parse_charstrings)
+    <op_callothersubr>: Better handling of subroutine index 0.
+    From Matthias Drochner <m.droch...@fz-juelich.de>.
+
+diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
+index ea31c51..7ed031e 100644
+--- a/src/psaux/t1decode.c
++++ b/src/psaux/t1decode.c
+@@ -1009,11 +1009,14 @@
+           break;
+ 
+         default:
+-          FT_ERROR(( "t1_decoder_parse_charstrings:"
+-                     " unknown othersubr [%d %d], wish me luck\n",
+-                     arg_cnt, subr_no ));
+-          unknown_othersubr_result_cnt = arg_cnt;
+-          break;
++          if ( arg_cnt >= 0 && subr_no >= 0 )
++          {
++            FT_ERROR(( "t1_decoder_parse_charstrings:"
++                       " unknown othersubr [%d %d], wish me luck\n",
++                       arg_cnt, subr_no ));
++            unknown_othersubr_result_cnt = arg_cnt;
++            break;
++          }
+ 
+         Unexpected_OtherSubr:
+           FT_ERROR(( "t1_decoder_parse_charstrings:"
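Review bot: In the `default:` case of the embedded t1decode.c hunk, rejection of a negative `arg_cnt` or `subr_no` depends on an implicit fall-through: the `break` now sits inside the `if` block, so the failing case drops into the `Unexpected_OtherSubr:` label that follows. A later edit could easily undo that by accident, so a short comment after the closing brace, such as `/* fall through to Unexpected_OtherSubr */`, would make the intent explicit. The visible lines check only the lower bound before `unknown_othersubr_result_cnt = arg_cnt;`, so it is worth confirming in the surrounding code that `arg_cnt` is also bounded above where that count is consumed. The patch header concatenates three upstream commit messages; adding an origin line and a reference to #635871 at its top would make the patch easier to trace.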
