Your message dated Fri, 28 Dec 2012 21:17:31 +0000
with message-id <e1tohj5-0007e2...@franck.debian.org>
and subject line Bug#696691: fixed in freetype 2.4.9-1.1
has caused the Debian Bug report #696691,
regarding freetype: multiple vulnerabilities in freetype before 2.4.11
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
696691: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerabilities were published for freetype.
CVE-2012-5670[0]:
Out-of-bounds write in _bdf_parse_glyphs
CVE-2012-5669[1]:
Out-of-bounds read in _bdf_parse_glyphs
CVE-2012-5668[2]:
NULL Pointer Dereference in bdf_free_font
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-5670
https://savannah.nongnu.org/bugs/?37907
[1] http://security-tracker.debian.org/tracker/CVE-2012-5669
https://savannah.nongnu.org/bugs/?37906
[2] http://security-tracker.debian.org/tracker/CVE-2012-5668
https://savannah.nongnu.org/bugs/?37905
Please adjust the affected versions in the BTS as needed.
Note I'm only reporting these issues reported in [3] to the BTS.
[3] http://www.openwall.com/lists/oss-security/2012/12/25/1
Regards,
Salvatore
- -- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.4.9-1.1
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 Dec 2012 21:32:28 +0100
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.4.9-1.1
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 696691
Changes:
freetype (2.4.9-1.1) unstable; urgency=high
.
* Non-maintainer upload.
Upload ACKed by Steve Langasek <vor...@debian.org> on #debian-devel.
* Add savannah-bug-37905.patch patch
[SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
(Closes: #696691)
* Add savannah-bug-37906.patch patch
[SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
(Closes: #696691)
* Add savannah-bug-37907.patch patch
[SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
(Closes: #696691)
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---