Branches for Jaunty

Author: Colin Watson
Revision Date: 2009-03-19 01:58:27 UTC

No-change rebuild to fix lpia shared library dependencies.

Author: Marc Deslauriers
Revision Date: 2010-08-13 10:23:02 UTC

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches-freetype/bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
  - debian/patches-freetype/nested-seac.patch: handle nested calls
    correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
    src/cff/cffgload.h, src/psaux/t1decode.c.

Author: Marc Deslauriers
Revision Date: 2010-08-13 10:23:02 UTC

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches-freetype/bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.
* SECURITY UPDATE: denial of service via nested "seac" calls
  - debian/patches-freetype/nested-seac.patch: handle nested calls
    correctly in include/freetype/internal/psaux.h, src/cff/cffgload.c,
    src/cff/cffgload.h, src/psaux/t1decode.c.