Your message dated Fri, 08 Aug 2014 17:18:42 +0000
with message-id <e1xfnoq-0003p1...@franck.debian.org>
and subject line Bug#741299: fixed in freetype 2.5.2-1.1
has caused the Debian Bug report #741299,
regarding freetype: CVE-2014-2240, CVE-2014-2241: stack OOB read/write, DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
741299: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Version: 2.5.1-1
Severity: grave
Tags: patch
Hi,
Two vulnerabilities have been identified in freetype in the recently
contributed CFF rasterizer code. Please refer to the references for the
details.
From what I understood from the bug report, CVE-2014-2240 is the stack OOB
read/write, while CVE-2014-2241 is the DoS caused by the assert.
References:
http://openwall.com/lists/oss-security/2014/03/10/2
http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
https://savannah.nongnu.org/bugs/?41697
https://bugzilla.redhat.com/show_bug.cgi?id=1074646
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.5.2-1.1
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 741...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Mon, 28 Jul 2014 02:56:08 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.5.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 741299
Changes:
freetype (2.5.2-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix two security issues in the CFF rasterizer (closes: #741299)
- CVE-2014-2240: out-of-bounds read/write in cf2hints.c.
- CVE-2014-2241: denial-of-service in cf2ft.c.
Package-Type: udeb
--- End Message ---