* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in CFF Type2 CharStrings interpreter (LP: #617019)
- debian/patches-freetype/CVE-2010-1797.patch: check number of operands
in src/cff/cffgload.c.
- CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in the ftmulti demo program (LP: #617019)
- debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
sizes in src/ftmulti.c.
- CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
src/base/ftstream.c.
- CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
src/type42/t42parse.c.
- CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
comparisons (LP: #617019)
- debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
- CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
- debian/patches-freetype/CVE-2010-2808.patch: check rlen in
src/base/ftobjs.c.
- CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
- debian/patches-freetype/bug30135.patch: don't modify value in static
string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
- debian/patches-freetype/nested-seac.patch: handle nested calls
correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
src/cff/cffgload.h, src/psaux/t1decode.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 10:05:35 -0400
This bug was fixed in the package freetype - 2.3.9-5ubuntu0.2
---------------
freetype (2.3.9-5ubuntu0.2) karmic-security; urgency=low
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow patches- freetype/ CVE-2010- 1797.patch: check number of operands patches- ft2demos/ CVE-2010- 2541.patch: use strncat and adjust patches- freetype/ CVE-2010- 2805.patch: fix calculation in base/ftstream. c. patches- freetype/ CVE-2010- 2806.patch: check string sizes in type42/ t42parse. c. patches- freetype/ CVE-2010- 2807.patch: perform better bounds ftsmooth. c, src/truetype/ ttinterp. *. patches- freetype/ CVE-2010- 2808.patch: check rlen in base/ftobjs. c. patches- freetype/bug30135.patch: don't modify value in static patches- freetype/ nested- seac.patch: handle nested calls freetype/ internal/ psaux.h, src/cff/cffgload.c, cff/cffgload. h, src/psaux/ t1decode. c.
in CFF Type2 CharStrings interpreter (LP: #617019)
- debian/
in src/cff/cffgload.c.
- CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in the ftmulti demo program (LP: #617019)
- debian/
sizes in src/ftmulti.c.
- CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/
src/
- CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/
src/
- CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
comparisons (LP: #617019)
- debian/
checking in src/smooth/
- CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
- debian/
src/
- CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
- debian/
string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
- debian/
correctly in include/
src/
-- Marc Deslauriers <email address hidden> Fri, 13 Aug 2010 10:05:35 -0400