lp:ubuntu/hardy-updates/freetype
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/freetype
Branch merges
Related source package recipes
Branch information
Recent revisions
- 24. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches- freetype/ CVE-2012- 5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches- freetype/ CVE-2012- 5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669 - 23. By Tyler Hicks
-
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches- freetype/ CVE-2012- 1126.patch: Perform better input
sanitization when parsing properties. Based on upstream patch.
- CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches- freetype/ CVE-2012- 1127.patch: Perform better input
sanitization when parsing glyphs. Based on upstream patch.
- CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches- freetype/ CVE-2012- 1128.patch: Improve loop logic to avoid
NULL pointer dereference. Based on upstream patch.
- CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
- debian/patches- freetype/ CVE-2012- 1129.patch: Perform better input
sanitization when parsing SFNT strings. Based on upstream patch.
- CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
- debian/patches- freetype/ CVE-2012- 1130.patch: Allocate enough memory to
properly NULL-terminate parsed properties strings. Based on upstream
patch.
- CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches- freetype/ CVE-2012- 1131.patch: Use appropriate data type to
prevent integer truncation on 64 bit systems when rendering fonts. Based
on upstream patch.
- CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
- debian/patches- freetype/ CVE-2012- 1132.patch: Ensure strings are of
appropriate length when loading Type1 fonts. Based on upstream patch.
- CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches- freetype/ CVE-2012- 1133.patch: Limit range of negative
glyph encoding values to prevent invalid array indexes. Based on
upstream patch.
- CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted Type1 font
- debian/patches- freetype/ CVE-2012- 1134.patch: Enforce a minimum Type1
private dictionary size to prevent writing past array bounds. Based on
upstream patch.
- CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches- freetype/ CVE-2012- 1135.patch: Perform proper bounds
checks when interpreting TrueType bytecode. Based on upstream patch.
- CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted BDF font
- debian/patches- freetype/ CVE-2012- 1136.patch: Ensure encoding field is
defined when parsing glyphs. Based on upstream patch.
- CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches- freetype/ CVE-2012- 1137.patch: Allocate sufficient number
of array elements to prevent reading past array bounds. Based on
upstream patch.
- CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
- debian/patches- freetype/ CVE-2012- 1138.patch: Correct typo resulting in
invalid read from wrong memory location. Based on upstream patch.
- CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches- freetype/ CVE-2012- 1139.patch: Check array index values to
prevent reading invalid memory. Based on upstream patch.
- CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
- debian/patches- freetype/ CVE-2012- 1140.patch: Fix off-by-one error in
boundary checks. Based on upstream patch.
- CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
- debian/patches- freetype/ CVE-2012- 1141.patch: Initialize field elements
to prevent invalid read. Based on upstream patch.
- CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
- debian/patches- freetype/ CVE-2012- 1142.patch: Perform input sanitization
on first and last character code fields. Based on upstream patch.
- CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
- debian/patches- freetype/ CVE-2012- 1143.patch: Protect against divide by
zero when dealing with 32 bit types. Based on upstream patch.
- CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
crafted TrueType font
- debian/patches- freetype/ CVE-2012- 1144.patch: Perform input sanitization
on the first glyph outline point value. Based on upstream patch.
- CVE-2012-1144 - 22. By Tyler Hicks
-
* SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
- debian/patches- freetype/ CVE-2011- 3256.patch: Sanitize Type 1 font inputs
in src/base/ftbitmap. c, src/psaux/ t1decode. c, src/raster/ ftrend1. c, and
src/truetype/ ttgxvar. c. Based on upstream patch.
- CVE-2011-3256
* SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
- debian/patches- freetype/ CVE-2011- 3439.patch: Sanitize CID-keyed
PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
- CVE-2011-3439 - 21. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via libXft overflow.
- debian/patches/ CVE-2010- 3311.patch: correctly validate position in
src/base/ftstream. c.
- CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
improper error handling of SHZ bytecode instruction
- debian/patches/ CVE-2010- 3814.patch: add bounds check to
src/truetype/ ttinterp. c.
- CVE-2010-3814
* SECURITY UPDATE: denial of service and possible code execution via
TrueType GX font
- debian/patches/ CVE-2010- 3855.patch: add bounds checks to
src/truetype/ ttgxvar. c.
- CVE-2010-3855 - 20. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in CFF Type2 CharStrings interpreter (LP: #617019)
- debian/patches- freetype/ CVE-2010- 1797.patch: check number of operands
in src/cff/cffgload.c.
- CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
in the ftmulti demo program (LP: #617019)
- debian/patches- ft2demos/ CVE-2010- 2541.patch: use strncat and adjust
sizes in src/ftmulti.c.
- CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches- freetype/ CVE-2010- 2805.patch: fix calculation in
src/base/ftstream. c.
- CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
checking (LP: #617019)
- debian/patches- freetype/ CVE-2010- 2806.patch: check string sizes in
src/type42/ t42parse. c.
- CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
comparisons (LP: #617019)
- debian/patches- freetype/ CVE-2010- 2807.patch: perform better bounds
checking in src/smooth/ftsmooth. c, src/truetype/ ttinterp. *.
- CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
- debian/patches- freetype/ CVE-2010- 2808.patch: check rlen in
src/base/ftobjs. c.
- CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
- debian/patches- freetype/bug30135.patch: don't modify value in static
string in src/bdf/bdflib.c. - 19. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via invalid free
- debian/patches/ CVE-2010- 2498.patch: validate number of points in
src/pshinter/ pshalgo. c.
- CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
- debian/patches/ CVE-2010- 2499.patch: check positions and return code
in src/base/ftobjs.c.
- CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
- debian/patches/ CVE-2010- 2500.patch: switch to unsigned in
src/smooth/ ftgrays. c, check signed width and height in
src/smooth/ ftsmooth. c.
- CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
- debian/patches/ CVE-2010- 2519.patch: correctly calculate length in
src/base/ftobjs. c.
- CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
- debian/patches/ CVE-2010- 2520.patch: perform bounds checking in
src/truetype/ ttinterp. c.
- CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
- debian/patches/ CVE-2010- 2527.patch: change buffer sizes in
src/{ftdiff, ftgrid, ftmulti, ftstring, ftview} .c.
- CVE-2010-2527 - 18. By Marc Deslauriers
-
* SECURITY UPDATE: possible code execution via multiple integer overflows
- debian/patches- freetype/ security- CVE-2009- 0946.patch: validate sid
values in src/cff/cffload.c, check state->prefix in src/lzw/ftzopen.c,
don't overflow int with table + length in src/sfnt/ttcmap.c, validate
glyph width and height in src/smooth/ftsmooth. c.
- CVE-2009-0946 - 17. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution via integer overflows.
* Add debian/patches- freetype/ CVE-2008- 1806_7_ 8.patch: upstream fixes
thanks to Steffen Joeris.
* References
CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 - 16. By Scott James Remnant (Canonical)
-
* debian/
patches- freetype/ enable- subpixel- rendering. patch:
- Restore patch that enables subpixel rendering features, now that
libcairo and xft provide the ability for the specific lcd filter
to be changed. - 15. By Matthew Garrett <email address hidden>
-
* debian/
patches- freetype/ series
- Fix the removal of enable-subpixel- rendering. patch
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/freetype
