[ubuntu/maverick-security] freetype 2.4.2-2ubuntu0.3 (Accepted)

[Tyler Hicks]

freetype (2.4.2-2ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
      in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
      src/truetype/ttgxvar.c. Based on upstream patch.
    - CVE-2011-3256
  * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
    - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
      PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
    - CVE-2011-3439

Date: Thu, 17 Nov 2011 13:59:14 -0600
Changed-By: Tyler Hicks <tyhi...@canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/freetype/2.4.2-2ubuntu0.3

Format: 1.8
Date: Thu, 17 Nov 2011 13:59:14 -0600
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.4.2-2ubuntu0.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhi...@canonical.com>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes: 
 freetype (2.4.2-2ubuntu0.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
     - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
       in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
       src/truetype/ttgxvar.c. Based on upstream patch.
     - CVE-2011-3256
   * SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
     - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
       PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
     - CVE-2011-3439
Checksums-Sha1: 
 a77c8649b53369df78aa84021ee2b38324491a89 1946 freetype_2.4.2-2ubuntu0.3.dsc
 6d028ced61786d58dc9e88a3c56b6e4063d4fcf2 39350 
freetype_2.4.2-2ubuntu0.3.diff.gz
Checksums-Sha256: 
 d4a59b8e3563808c45e3eeef94c457c9ba26147e40104fc2d0d204bed464d4d6 1946 
freetype_2.4.2-2ubuntu0.3.dsc
 3ff1cf05348aa9a3812cd9b97c65d5966f740725e5cf06e569b71b8a3fd0de47 39350 
freetype_2.4.2-2ubuntu0.3.diff.gz
Files: 
 79ecab4374a638f7a119cd3c5ff3cd91 1946 libs optional 
freetype_2.4.2-2ubuntu0.3.dsc
 996f4c395d3244c81fee4af0999f92b7 39350 libs optional 
freetype_2.4.2-2ubuntu0.3.diff.gz
Original-Maintainer: Steve Langasek <vor...@debian.org>

-- 
Maverick-changes mailing list
Maverick-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/maverick-changes