-
freetype (2.1.7-2.4ubuntu1.3) breezy-security; urgency=low
  * SECURITY UPDATE: arbitrary code execution via integer overflows.
  * Add debian/patches/404-bdf-integer.patch from upstream changes.
  * References
    CVE-2007-1351
 -- Kees Cook <email address hidden> Mon, 2 Apr 2007 15:53:16 -0700
-
freetype (2.1.7-2.4ubuntu1.2) breezy-security; urgency=low
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/403-pcf-strlen.patch:
    - src/pcf/pcfread.c: Detect invalid string lengths.
    - CVE-2006-3467
 -- Martin Pitt <email address hidden> Wed, 26 Jul 2006 10:53:25 +0000
-
freetype (2.1.7-2.4ubuntu1.1) breezy-security; urgency=low
  * SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
  * Add debian/patches/401-odd_blue_num-safe_alloc.patch:
    - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
      which have an odd number of blue values (these are broken according to
      the specs). [CVE-2006-0747]
    - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
      allocations, just to make double sure. [CVE-2006-2661]
    - Patches taken from upstream CVS.
  * Add debian/patches/402-int-overflows.patch:
    - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
    - Patches taken from upstream CVS.
  * Many thanks to Josh Bressers for extracting the patches!
 -- Martin Pitt <email address hidden> Fri, 2 Jun 2006 13:56:03 +0000
-
freetype (2.1.7-2.4ubuntu1) breezy; urgency=low
  * Slightly relax the header check on Type1 fonts, enabling wider display of
    PDFs, et al; based on a change to FreeType CVS (closes: Ubuntu#10087).
 -- Daniel Stone <email address hidden> Thu, 12 May 2005 12:41:38 +1000