lp:debian/lenny/freetype
- Get this branch:
- bzr branch lp:debian/lenny/freetype
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 15. By Michael Gilbert
-
* Non-maintainer upload by the Security Team.
* Fix CVE-2011-3439: vulnerability in CID-keyed Type 1 fonts. - 14. By Kanru Chen
-
* Non-maintainer upload by the Security Team.
* CVE-2011-0226: Vulnerability in parsing Type 1 fonts - 13. By Stefan Fritsch
-
* Non-maintainer upload by the Security Team.
* fix CVE-2010-3311: integer overflow which can lead to a heap overflow in
libXft - 12. By Moritz Muehlenhoff <email address hidden>
-
* CVE-2010-2497 freetype integer underflow #30082 #30083
* CVE-2010-2498 freetype invalid free #30106
* CVE-2010-2499 freetype buffer overflow #30248 #30249
* CVE-2010-2500 freetype integer overflow #30263
* CVE-2010-2519 freetype heap buffer overflow #30306
* CVE-2010-2520 freetype invalid realloc #30361
* CVE-2010-XXXX freetype demos buffer overflows #30054 - 11. By Nico Golde <email address hidden>
-
* Non-maintainer upload by the Security Team.
* This update fixes various integer overflows in cff/cffload.c,
smooth/ftsmooth.c amd sfnt/ttcmap.c leading to arbitrary code
execution or denial of service via a crafted font file
(CVE-2009-0946; Closes: #524925). - 10. By Steve Langasek
-
* High-urgency upload for RC bugfix.
* Add debian/patches- freetype/ no-segfault- on-load_ mac_face, patch from
upstream to fix a segfault due to uninitialized memory in certain
failures of FT_Stream_New. Closes: #487101. - 9. By Steve Langasek
-
* High-urgency upload for RC bugfix.
* Add debian/patches- freetype/ CVE-2006- 3467_pcf- strlen. patch to
address CVE-2006-3467, a missing string length check in PCF files that
leads to a possibly exploitable integer overflow. Thanks to Martin
Pitt for the patch. Closes: #379920. - 8. By Martin Pitt
-
* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches- freetype/ pcf-strlen. patch:
- src/pcf/pcfread.c: Detect invalid string lengths.
- CVE-2006-3467 - 7. By Keith Packard
-
* Enable full bytecode interpreter instead of just the
"non-patented portions".
* Use $(CURDIR) instead of $(PWD) to build with sudo. Closes: #367579.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/freetype