lp:ubuntu/dapper-security/freetype

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Marc Deslauriers on 2010-11-02

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/425-CVE-2010-3311.patch: correctly validate position
    in src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/426-CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

14. By Marc Deslauriers on 2010-08-13

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches/418-CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches/424-CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches/419-CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches/420-CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches/421-CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches/422-CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches/423-bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.

13. By Marc Deslauriers on 2010-07-15

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid free
  - debian/patches/412-CVE-2010-2498.patch: validate number of points in
    src/pshinter/pshalgo.c.
  - CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
  - debian/patches/413-CVE-2010-2499.patch: check positions and return
    code in src/base/ftobjs.c.
  - CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
  - debian/patches/414-CVE-2010-2500.patch: switch to unsigned in
    src/smooth/ftgrays.c, check signed width and height in
    src/smooth/ftsmooth.c.
  - CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
  - debian/patches/415-CVE-2010-2519.patch: correctly calculate length in
    src/base/ftobjs.c.
  - CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
  - debian/patches/416-CVE-2010-2520.patch: perform bounds checking in
    src/truetype/ttinterp.c.
  - CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
  - debian/patches/417-CVE-2010-2527.patch: change buffer sizes in
    src/{ftmulti,ftstring,ftview}.c.
  - CVE-2010-2527

12. By Marc Deslauriers on 2009-04-22

* SECURITY UPDATE: possible code execution via multiple integer overflows
  - debian/patches/411-CVE-2009-0946.patch: validate sid values in
    src/cff/cffload.c, don't overflow int with table + length in
    src/sfnt/ttcmap.c, validate glyph width and height in
    src/smooth/ftsmooth.c.
  - CVE-2009-0946

11. By Kees Cook on 2008-09-10

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches/410-CVE-2008-1806_7_8.patch: upstream fixes
  thanks to Steffen Joeris.
* References
  CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

10. By Kees Cook on 2007-05-22

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches/freetype-2.1.10-security-ttgload-fix.patch from
  upstream changes.
* References
  CVE-2007-2754

9. By Kees Cook on 2007-04-02

* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches/404-bdf-integer.patch from upstream changes.
* References
  CVE-2007-1351

8. By Martin Pitt on 2006-07-26

* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches/403-pcf-strlen.patch:
  - src/pcf/pcfread.c: Detect invalid string lengths.
  - CVE-2006-3467

7. By Martin Pitt on 2006-05-30

* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches/400-ttkern-loop-variable.patch:
  - src/sfnt/ttkern.c, tt_face_get_kerning(): Fix inner loop to use a new
    variable instead of destroying the outer loop variable.
  - Fixes infinite loop with fonts that don't have a properly sorted kerning
    sub-table.
  - Patch taken from upstream CVS.
* Add debian/patches/401-odd_blue_num-safe_alloc.patch:
  - src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
    which have an odd number of blue values (these are broken according to
    the specs). [CVE-2006-0747]
  - src/base/ftutil.c: Fail with an 'invalid argument' error on negative
    allocations, just to make double sure. [CVE-2006-2661]
  - Patches taken from upstream CVS.
* Add debian/patches/402-int-overflows.patch:
  - Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
  - Patches taken from upstream CVS.
* Many thanks to Josh Bressers for extracting the patches!

6. By Scott James Remnant (Canonical) on 2006-04-06

Update shlibs dependency. Ubuntu: #5901.