Branches for Maverick

Author: Steve Langasek
Revision Date: 2010-08-28 02:27:15 UTC

debian/patches-ft2demos/f2tdemos-grkey.patch: update to fix another
problem when building under gcc-4.5 that was overlooked in the previous
version of the patch. LP: #624740.

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

Author: Tyler Hicks
Revision Date: 2012-03-21 19:57:51 UTC

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144