-
freetype (2.10.1-2ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2023-2004.patch: fix a integer overflow
in src/truetype/ttgxvar.c.
- CVE-2023-2004
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 02 May 2023 08:24:45 -0300
-
freetype (2.10.1-2ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in sfnt_init_face
- debian/patches/CVE-2022-27404.patch: avoid invalid face index in
src/sfnt/sfobjs.c.
- CVE-2022-27404
* SECURITY UPDATE: Segmentation violation in FNT_Size_Request
- debian/patches/CVE-2022-27405.patch: properly guard face_index in
src/base/ftobjs.c.
- CVE-2022-27405
* SECURITY UPDATE: Segmentation violation in FT_Request_Size
- debian/patches/CVE-2022-27406.patch: guard face->size in
src/base/ftobjs.c.
- CVE-2022-27406
* SECURITY UPDATE: Heap-based buffer overflow in ftbench demo
- debian/patches/CVE-2022-31782.patch: check the number of glyphs in
ft2demos/src/ftbench.c.
- CVE-2022-31782
-- Marc Deslauriers <email address hidden> Tue, 19 Jul 2022 11:28:34 -0400
-
freetype (2.10.1-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow via integer truncation in
Load_SBit_Png
- debian/patches/CVE-2020-15999.patch: Update src/sfnt/pngshim.c to
test and reject invalid bitmap size earlier in Load_SBit_Png. Based on
upstream patch.
- CVE-2020-15999
-- Alex Murray <email address hidden> Tue, 20 Oct 2020 12:37:23 +1030
-
freetype (2.10.1-2) unstable; urgency=medium
* Release to unstable.
* debian/control:
- Raise Standards-Version to 4.4.1 from 4.4.0 (no changes needed).
- Add Rules-Requires-Root: no.
* debian/rules:
- Move the FreeType API Reference location to docs/reference to revert an
incorrect upstream change introduced in FreeType 2.10.
- Update dh_installdocs-indep path exclusion to account for the change to
the API Reference path.
* debian/patches:
- Drop fix-api-reference-hyperlink.patch.
- Add a patch to fix broken JavaScript paths in the documentation.
* freetype2-doc:
- Update the API Reference path in the doc-base file.
- Update Lintian overrides.
-- Hugh McMaster <email address hidden> Mon, 07 Oct 2019 23:42:48 +1100
-
freetype (2.9.1-4) unstable; urgency=medium
* debian/compat: Remove legacy file.
* debian/control:
- Build-Depend on debhelper-compat (version 12).
- Raise Standards-Version to 4.4.0 (no changes needed).
- Demote Recommends: freetype2-doc to Suggests (Closes: #919284).
* debian/patches:
- Add an upstream patch to properly handle phantom points for variable
hinted fonts (Closes: #93203).
-- Hugh McMaster <email address hidden> Wed, 24 Jul 2019 19:59:39 +1000