Your message dated Sat, 28 Feb 2015 05:19:01 +0000
with message-id <e1yrznp-0002hv...@franck.debian.org>
and subject line Bug#777656: fixed in freetype 2.5.2-3
has caused the Debian Bug report #777656,
regarding freetype: various new security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
777656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: freetype
Version: 2.5.2-2
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for freetype. I filed
this as "RC" since at least one seems to allow code execution. Could
you help identify which also affect wheezy?

CVE-2014-9656[0]:
| The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType
| before 2.5.4 does not properly check for an integer overflow, which
| allows remote attackers to cause a denial of service (out-of-bounds
| read) or possibly have unspecified other impact via a crafted OpenType
| font.

CVE-2014-9657[1]:
| The tt_face_load_hdmx function in truetype/ttpload.c in FreeType
| before 2.5.4 does not establish a minimum record size, which allows
| remote attackers to cause a denial of service (out-of-bounds read) or
| possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-9658[2]:
| The tt_face_load_kern function in sfnt/ttkern.c in FreeType before
| 2.5.4 enforces an incorrect minimum table length, which allows remote
| attackers to cause a denial of service (out-of-bounds read) or
| possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-9659[3]:
| cff/cf2intrp.c in the CFF CharString interpreter in FreeType before
| 2.5.4 proceeds with additional hints after the hint mask has been
| computed, which allows remote attackers to execute arbitrary code or
| cause a denial of service (stack-based buffer overflow) via a crafted
| OpenType font.  NOTE: this vulnerability exists because of an
| incomplete fix for CVE-2014-2240.

CVE-2014-9660[4]:
| The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before
| 2.5.4 does not properly handle a missing ENDCHAR record, which allows
| remote attackers to cause a denial of service (NULL pointer
| dereference) or possibly have unspecified other impact via a crafted
| BDF font.

CVE-2014-9661[5]:
| type42/t42parse.c in FreeType before 2.5.4 does not consider that
| scanning can be incomplete without triggering an error, which allows
| remote attackers to cause a denial of service (use-after-free) or
| possibly have unspecified other impact via a crafted Type42 font.

CVE-2014-9662[6]:
| cff/cf2ft.c in FreeType before 2.5.4 does not validate the return
| values of point-allocation functions, which allows remote attackers to
| cause a denial of service (heap-based buffer overflow) or possibly
| have unspecified other impact via a crafted OTF font.

CVE-2014-9663[7]:
| The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before
| 2.5.4 validates a certain length field before that field's value is
| completely calculated, which allows remote attackers to cause a denial
| of service (out-of-bounds read) or possibly have unspecified other
| impact via a crafted cmap SFNT table.

CVE-2014-9664[8]:
| FreeType before 2.5.4 does not check for the end of the data during
| certain parsing actions, which allows remote attackers to cause a
| denial of service (out-of-bounds read) or possibly have unspecified
| other impact via a crafted Type42 font, related to type42/t42parse.c
| and type1/t1load.c.

CVE-2014-9665[9]:
| The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4
| does not restrict the rows and pitch values of PNG data, which allows
| remote attackers to cause a denial of service (integer overflow and
| heap-based buffer overflow) or possibly have unspecified other impact
| by embedding a PNG file in a .ttf font file.

CVE-2014-9666[10]:
| The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before
| 2.5.4 proceeds with a count-to-size association without restricting
| the count value, which allows remote attackers to cause a denial of
| service (integer overflow and out-of-bounds read) or possibly have
| unspecified other impact via a crafted embedded bitmap.

CVE-2014-9667[11]:
| sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length
| calculations without restricting the values, which allows remote
| attackers to cause a denial of service (integer overflow and
| out-of-bounds read) or possibly have unspecified other impact via a
| crafted SFNT table.

CVE-2014-9668[12]:
| The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4
| proceeds with offset+length calculations without restricting length
| values, which allows remote attackers to cause a denial of service
| (integer overflow and heap-based buffer overflow) or possibly have
| unspecified other impact via a crafted Web Open Font Format (WOFF)
| file.

CVE-2014-9669[13]:
| Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4
| allow remote attackers to cause a denial of service (out-of-bounds
| read or memory corruption) or possibly have unspecified other impact
| via a crafted cmap SFNT table.

CVE-2014-9670[14]:
| Multiple integer signedness errors in the pcf_get_encodings function
| in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to
| cause a denial of service (integer overflow, NULL pointer dereference,
| and application crash) via a crafted PCF file that specifies negative
| values for the first column and first row.

CVE-2014-9671[15]:
| Off-by-one error in the pcf_get_properties function in pcf/pcfread.c
| in FreeType before 2.5.4 allows remote attackers to cause a denial of
| service (NULL pointer dereference and application crash) via a crafted
| PCF file with a 0xffffffff size value that is improperly incremented.

CVE-2014-9672[16]:
| Array index error in the parse_fond function in base/ftmac.c in
| FreeType before 2.5.4 allows remote attackers to cause a denial of
| service (out-of-bounds read) or obtain sensitive information from
| process memory via a crafted FOND resource in a Mac font file.

CVE-2014-9673[17]:
| Integer signedness error in the Mac_Read_POST_Resource function in
| base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to
| cause a denial of service (heap-based buffer overflow) or possibly
| have unspecified other impact via a crafted Mac font.

CVE-2014-9674[18]:
| The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType
| before 2.5.4 proceeds with adding to length values without validating
| the original values, which allows remote attackers to cause a denial
| of service (integer overflow and heap-based buffer overflow) or
| possibly have unspecified other impact via a crafted Mac font.

CVE-2014-9675[19]:
| bdf/bdflib.c in FreeType before 2.5.4 identifies property names by
| only verifying that an initial substring is present, which allows
| remote attackers to discover heap pointer values and bypass the ASLR
| protection mechanism via a crafted BDF font.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9656
[1] https://security-tracker.debian.org/tracker/CVE-2014-9657
[2] https://security-tracker.debian.org/tracker/CVE-2014-9658
[3] https://security-tracker.debian.org/tracker/CVE-2014-9659
[4] https://security-tracker.debian.org/tracker/CVE-2014-9660
[5] https://security-tracker.debian.org/tracker/CVE-2014-9661
[6] https://security-tracker.debian.org/tracker/CVE-2014-9662
[7] https://security-tracker.debian.org/tracker/CVE-2014-9663
[8] https://security-tracker.debian.org/tracker/CVE-2014-9664
[9] https://security-tracker.debian.org/tracker/CVE-2014-9665
[10] https://security-tracker.debian.org/tracker/CVE-2014-9666
[11] https://security-tracker.debian.org/tracker/CVE-2014-9667
[12] https://security-tracker.debian.org/tracker/CVE-2014-9668
[13] https://security-tracker.debian.org/tracker/CVE-2014-9669
[14] https://security-tracker.debian.org/tracker/CVE-2014-9670
[15] https://security-tracker.debian.org/tracker/CVE-2014-9671
[16] https://security-tracker.debian.org/tracker/CVE-2014-9672
[17] https://security-tracker.debian.org/tracker/CVE-2014-9673
[18] https://security-tracker.debian.org/tracker/CVE-2014-9674
[19] https://security-tracker.debian.org/tracker/CVE-2014-9675

Regards,
Salvatore

--- End Message ---
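
Added example, not part of the original bug report and not FreeType's code: the offset+length and count-to-size flaws described above for CVE-2014-9667, CVE-2014-9668 and CVE-2014-9666 come down to 32-bit arithmetic that wraps before it is compared. The struct, function names and values below are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical table-directory entry; not FreeType's own structure. */
typedef struct {
    uint32_t offset;  /* start of table within the font stream */
    uint32_t length;  /* table size in bytes */
} table_entry;

/* Flawed pattern: offset + length is computed in 32 bits and can wrap,
 * so a huge length yields a small sum that passes the comparison. */
static int range_ok_naive(const table_entry *e, uint32_t stream_size)
{
    return e->offset + e->length <= stream_size;
}

/* Hardened pattern: restrict each value first, then compare without
 * ever forming a sum that could overflow. */
static int range_ok_checked(const table_entry *e, uint32_t stream_size)
{
    if (e->offset > stream_size)
        return 0;
    return e->length <= stream_size - e->offset;
}

/* Count-to-size association: reject counts whose byte size would overflow
 * or exceed the bytes remaining, by dividing instead of multiplying. */
static int count_ok_checked(uint32_t count, uint32_t record_size,
                            uint32_t bytes_left)
{
    if (record_size == 0)
        return 0;
    return count <= bytes_left / record_size;
}

int main(void)
{
    /* Constructed values, not taken from any real font file. */
    table_entry wrapped = { 1024, 0xFFFFFF00u };  /* sum wraps to 768 */
    printf("wrapped entry: naive=%d checked=%d\n",
           range_ok_naive(&wrapped, 4096), range_ok_checked(&wrapped, 4096));
    printf("count 0x20000000 x 8: checked=%d\n",
           count_ok_checked(0x20000000u, 8, 4096));
    return 0;
}
```

The naive check accepts the wrapped entry because 1024 + 0xFFFFFF00 truncates to 768, while the checked form rejects it without ever forming the sum.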
--- Begin Message ---
Source: freetype
Source-Version: 2.5.2-3

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Keith Packard <kei...@keithp.com> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Feb 2015 22:04:36 -0800
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.5.2-3
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek <vor...@debian.org>
Changed-By: Keith Packard <kei...@keithp.com>
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 777656
Changes:
 freetype (2.5.2-3) unstable; urgency=medium
 .
   * Fix Savannah bug #43535. CVE-2014-9675
   * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1
   * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check
     in the summation of POST fragment lengths. CVE-2014-0674-part-2
   * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold
     too long tracing messages. CVS-2014-9674-fixup-2
   * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables to
     read the lengths in POST fragments. CVE-2014-9674-fixup-1
   * Fix Savannah bug #43538. CVE-2014-9674-part-1
   * Fix Savannah bug #43539. CVE-2014-9673
   * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by
     a broken POST table in resource-fork. CVE-2014-9673-fixup
   * Fix Savannah bug #43540. CVE-2014-9672
   * Fix Savannah bug #43547. CVE-2014-9671
   * Fix Savannah bug #43548. CVE-2014-9670
   * [sfnt] Fix Savannah bug #43588. CVE-2014-9669
   * [sfnt] Fix Savannah bug #43589. CVE-2014-9668
   * [sfnt] Fix Savannah bug #43590. CVE-2014-9667
   * [sfnt] Fix Savannah bug #43591. CVE-2014-9666
   * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665
   * Fix uninitialized variable warning. CVE-2014-9665-fixup-2
   * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values.
     CVE-2014-9665-fixup
   * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664
   * [sfnt] Fix Savannah bug #43656. CVE-2014-9663
   * [cff] Fix Savannah bug #43658. CVE-2014-9662
   * [type42] Allow only embedded TrueType fonts. CVE-2014-9661
   * [bdf] Fix Savannah bug #43660. CVE-2014-9660
   * [cff] Fix Savannah bug #43661. CVE-2014-9659
   * [sfnt] Fix Savannah bug #43672. CVE-2014-9658
   * [truetype] Fix Savannah bug #43679. CVE-2014-9657
   * [sfnt] Fix Savannah bug #43680. CVE-2014-9656
   * All CVEs patched. Closes: #777656.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
