-
freetype (2.4.8-1ubuntu2.7) precise-security; urgency=medium
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches-freetype/CVE-2015-9381.patch: check
if 'eexec' doesn't exceed 'limit' in src/type1/t1parse.c
- CVE-2015-9381
* SECURITY UPDATE: buffer over-read
- debian/patches-freetype/CVE-2015-9382.patch: ensure that
the cursor position doesn't get larger than the current limit
in src/psaux/psobjs.c.
- CVE-2015-9382
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches-freetype/CVE-2015-9383.patch: check
limit before accessing 'numRanges' and numMappings in
src/sfnt/ttcmap.c.
- CVE-2015-9383
-- <email address hidden> (Leonidas S. Barbosa) Fri, 06 Sep 2019 11:05:06 -0300
-
freetype (2.4.8-1ubuntu2.6) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
- debian/patches-freetype/CVE-2017-8105.patch: add a check to
src/psaux/t1decode.c.
- CVE-2017-8105
* SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
- debian/patches-freetype/CVE-2017-8287.patch: add a check to
src/psaux/psobjs.c.
- CVE-2017-8287
-- Emily Ratliff <email address hidden> Mon, 15 May 2017 20:31:15 -0500
-
freetype (2.4.8-1ubuntu2.5) precise-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
- debian/patches-freetype/CVE-2016-10328.patch: add additional check
to parser stack size in src/cff/cffparse.c
- CVE-2016-10328
-- Steve Beattie <email address hidden> Tue, 18 Apr 2017 14:35:42 -0700
-
freetype (2.4.8-1ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: DoS and possible code execution via missing glyph name
- debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
- CVE-2016-10244
-- Marc Deslauriers <email address hidden> Thu, 16 Mar 2017 13:42:14 -0400
-
freetype (2.4.8-1ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
invalid charcode in src/type1/t1load.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 10 Sep 2015 07:10:41 -0400
-
freetype (2.4.8-1ubuntu2.2) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
multiple security issues
- debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
quantity of upstream commits to fix multiple security issues.
- CVE-2014-9656
- CVE-2014-9657
- CVE-2014-9658
- CVE-2014-9660
- CVE-2014-9661
- CVE-2014-9663
- CVE-2014-9664
- CVE-2014-9666
- CVE-2014-9667
- CVE-2014-9669
- CVE-2014-9670
- CVE-2014-9671
- CVE-2014-9672
- CVE-2014-9673
- CVE-2014-9674
- CVE-2014-9675
-- Marc Deslauriers <email address hidden> Tue, 24 Feb 2015 10:35:56 -0500
-
freetype (2.4.8-1ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches-freetype/CVE-2012-5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669
-- Marc Deslauriers <email address hidden> Fri, 11 Jan 2013 13:45:45 -0500
-
freetype (2.4.8-1ubuntu2) precise; urgency=low
* debian/patches-freetype/revert_scalable_fonts_metric.patch:
- revert commit "Fix metrics on size request for scalable fonts.",
it's breaking gtk underlining markups and creating some other
issues as well (lp: #972223)
-- Sebastien Bacher <email address hidden> Tue, 03 Apr 2012 10:42:05 +0200
-
freetype (2.4.8-1ubuntu1) precise; urgency=low
* SECURITY UPDATE: Denial of service via crafted BDF font (LP: #963283)
- debian/patches-freetype/CVE-2012-1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches-freetype/CVE-2012-1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144
-- Tyler Hicks <email address hidden> Fri, 23 Mar 2012 12:13:46 -0500
-
freetype (2.4.8-1) unstable; urgency=high
* New upstream release
- upstream fix for CVE-2011-3439. Closes: #649122.
- adjust libfreetype6.symbols for a newly-exported function.
-- Tyler Hicks <email address hidden> Fri, 18 Nov 2011 19:24:03 +0000
-
freetype (2.4.7-2) unstable; urgency=low
* Use dpkg-buildflags through debhelper.
* Don't set -Werror in CFLAGS on alpha or m68k, to work around a compiler
bug. Closes: #646334.
-- Steve Langasek <email address hidden> Mon, 24 Oct 2011 22:02:32 +0000
-
freetype (2.4.7-1) unstable; urgency=low
* New upstream release
- upstream fix for CVE-2011-3256. Closes: #646120.
- drop debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch,
included upstream.
* Pass --without-bzip2 to configure, to avoid unwanted dependency on
libbz2. Closes: #639638.
* Standards-Version 3.9.2.
-- Steve Langasek <email address hidden> Sat, 22 Oct 2011 20:18:59 +0000
-
freetype (2.4.6-2) unstable; urgency=low
* debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch: [PATCH]
Fix Savannah bug #33992. Thanks to David Bevan
<email address hidden>. Closes: #638348.
-- Steve Langasek <email address hidden> Sat, 20 Aug 2011 06:30:18 +0000
-
freetype (2.4.4-2ubuntu1) oneiric; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted Type 1 font
- debian/patches-freetype/CVE-2011-0226.patch: check for proper
signedness in src/psaux/t1decode.c.
- CVE-2011-0226
* debian/rules: fix FTBFS with gcc 4.6 by adding
-Wno-unused-but-set-variable to CFLAGS to downgrade it to a warning.
-- Marc Deslauriers <email address hidden> Mon, 08 Aug 2011 08:13:07 -0400