[Precise] FreeType is vulnerable to CVE-2012-1126 through CVE-2012-1144
Bug #963283 reported by Tyler Hicks
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
freetype (Ubuntu) | Fix Released | Medium | Tyler Hicks | |
Bug Description
Precise, along with Debian unstable and testing, currently uses freetype version 2.4.8-1. Upstream FreeType recently released version 2.4.9, which addressed many security issues:
http://
There have also been a few upstream commits, since the 2.4.9 release, that made improvements and/or corrections to the changes in 2.4.9.
I've addressed these issues in our stable releases, but Precise is still in need of an update. I will attach a debdiff of the fixes backported to 2.4.8-1.
The Ubuntu CVE Tracker has links to the related bugs and patches:
http://
I've tested this debdiff using the QA Regression Testing framework and the reproducers attached to the upstream bugs.