lp:ubuntu/lucid-security/freetype

Created by James Westby on 2010-07-20 and last modified on 2015-02-24
Get this branch:
bzr branch lp:ubuntu/lucid-security/freetype
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

34. By Marc Deslauriers on 2015-02-24

* SECURITY UPDATE: denial of service and possible code execution via
  multiple security issues
  - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
    quantity of upstream commits to fix multiple security issues.
  - CVE-2014-9656
  - CVE-2014-9657
  - CVE-2014-9658
  - CVE-2014-9660
  - CVE-2014-9661
  - CVE-2014-9663
  - CVE-2014-9664
  - CVE-2014-9666
  - CVE-2014-9667
  - CVE-2014-9669
  - CVE-2014-9670
  - CVE-2014-9671
  - CVE-2014-9672
  - CVE-2014-9673
  - CVE-2014-9674
  - CVE-2014-9675

33. By Marc Deslauriers on 2013-01-11

* SECURITY UPDATE: denial of service and possible code execution via NULL
  pointer dereference
  - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
    of allocation error in src/bdf/bdflib.c.
  - CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
  buffer over-read in BDF parsing
  - debian/patches-freetype/CVE-2012-5669.patch: use correct array size
    in src/bdf/bdflib.c.
  - CVE-2012-5669

32. By Tyler Hicks on 2012-03-21

* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1126.patch: Perform better input
    sanitization when parsing properties. Based on upstream patch.
  - CVE-2012-1126
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1127.patch: Perform better input
    sanitization when parsing glyphs. Based on upstream patch.
  - CVE-2012-1127
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1128.patch: Improve loop logic to avoid
    NULL pointer dereference. Based on upstream patch.
  - CVE-2012-1128
* SECURITY UPDATE: Denial of service via crafted Type42 font
  - debian/patches-freetype/CVE-2012-1129.patch: Perform better input
    sanitization when parsing SFNT strings. Based on upstream patch.
  - CVE-2012-1129
* SECURITY UPDATE: Denial of service via crafted PCF font
  - debian/patches-freetype/CVE-2012-1130.patch: Allocate enough memory to
    properly NULL-terminate parsed properties strings. Based on upstream
    patch.
  - CVE-2012-1130
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1131.patch: Use appropriate data type to
    prevent integer truncation on 64 bit systems when rendering fonts. Based
    on upstream patch.
  - CVE-2012-1131
* SECURITY UPDATE: Denial of service via crafted Type1 font
  - debian/patches-freetype/CVE-2012-1132.patch: Ensure strings are of
    appropriate length when loading Type1 fonts. Based on upstream patch.
  - CVE-2012-1132
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1133.patch: Limit range of negative
    glyph encoding values to prevent invalid array indexes. Based on
    upstream patch.
  - CVE-2012-1133
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted Type1 font
  - debian/patches-freetype/CVE-2012-1134.patch: Enforce a minimum Type1
    private dictionary size to prevent writing past array bounds. Based on
    upstream patch.
  - CVE-2012-1134
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1135.patch: Perform proper bounds
    checks when interpreting TrueType bytecode. Based on upstream patch.
  - CVE-2012-1135
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted BDF font
  - debian/patches-freetype/CVE-2012-1136.patch: Ensure encoding field is
    defined when parsing glyphs. Based on upstream patch.
  - CVE-2012-1136
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1137.patch: Allocate sufficient number
    of array elements to prevent reading past array bounds. Based on
    upstream patch.
  - CVE-2012-1137
* SECURITY UPDATE: Denial of service via crafted TrueType font
  - debian/patches-freetype/CVE-2012-1138.patch: Correct typo resulting in
    invalid read from wrong memory location. Based on upstream patch.
  - CVE-2012-1138
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1139.patch: Check array index values to
    prevent reading invalid memory. Based on upstream patch.
  - CVE-2012-1139
* SECURITY UPDATE: Denial of service via crafted PostScript font
  - debian/patches-freetype/CVE-2012-1140.patch: Fix off-by-one error in
    boundary checks. Based on upstream patch.
  - CVE-2012-1140
* SECURITY UPDATE: Denial of service via crafted BDF font
  - debian/patches-freetype/CVE-2012-1141.patch: Initialize field elements
    to prevent invalid read. Based on upstream patch.
  - CVE-2012-1141
* SECURITY UPDATE: Denial of service via crafted Windows FNT/FON font
  - debian/patches-freetype/CVE-2012-1142.patch: Perform input sanitization
    on first and last character code fields. Based on upstream patch.
  - CVE-2012-1142
* SECURITY UPDATE: Denial of service via crafted font
  - debian/patches-freetype/CVE-2012-1143.patch: Protect against divide by
    zero when dealing with 32 bit types. Based on upstream patch.
  - CVE-2012-1143
* SECURITY UPDATE: Denial of service and arbitrary code execution via
  crafted TrueType font
  - debian/patches-freetype/CVE-2012-1144.patch: Perform input sanitization
    on the first glyph outline point value. Based on upstream patch.
  - CVE-2012-1144

31. By Tyler Hicks on 2011-11-17

* SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
  - debian/patches-freetype/CVE-2011-3256.patch: Sanitize Type 1 font inputs
    in src/base/ftbitmap.c, src/psaux/t1decode.c, src/raster/ftrend1.c, and
    src/truetype/ttgxvar.c. Based on upstream patch.
  - CVE-2011-3256
* SECURITY UPDATE: Arbitrary code execution via crafted CID-keyed PS font
  - debian/patches-freetype/CVE-2011-3439.patch: Sanitize CID-keyed
    PostScript font inputs in src/cid/cidload.c. Based on upstream patch.
  - CVE-2011-3439

30. By Marc Deslauriers on 2010-11-02

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via libXft overflow.
  - debian/patches/CVE-2010-3311.patch: correctly validate position in
    src/base/ftstream.c.
  - CVE-2010-3311
* SECURITY UPDATE: denial of service and possible code execution via
  improper error handling of SHZ bytecode instruction
  - debian/patches/CVE-2010-3814.patch: add bounds check to
    src/truetype/ttinterp.c.
  - CVE-2010-3814
* SECURITY UPDATE: denial of service and possible code execution via
  TrueType GX font
  - debian/patches/CVE-2010-3855.patch: add bounds checks to
    src/truetype/ttgxvar.c.
  - CVE-2010-3855

29. By Marc Deslauriers on 2010-08-13

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in CFF Type2 CharStrings interpreter (LP: #617019)
  - debian/patches-freetype/CVE-2010-1797.patch: check number of operands
    in src/cff/cffgload.c.
  - CVE-2010-1797
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  in the ftmulti demo program (LP: #617019)
  - debian/patches-ft2demos/CVE-2010-2541.patch: use strncat and adjust
    sizes in src/ftmulti.c.
  - CVE-2010-2541
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2805.patch: fix calculation in
    src/base/ftstream.c.
  - CVE-2010-2805
* SECURITY UPDATE: possible arbitrary code execution via improper bounds
  checking (LP: #617019)
  - debian/patches-freetype/CVE-2010-2806.patch: check string sizes in
    src/type42/t42parse.c.
  - CVE-2010-2806
* SECURITY UPDATE: possible arbitrary code execution via improper type
  comparisons (LP: #617019)
  - debian/patches-freetype/CVE-2010-2807.patch: perform better bounds
    checking in src/smooth/ftsmooth.c, src/truetype/ttinterp.*.
  - CVE-2010-2807
* SECURITY UPDATE: possible arbitrary code execution via memory
  corruption in Adobe Type 1 Mac Font File (LWFN) fonts (LP: #617019)
  - debian/patches-freetype/CVE-2010-2808.patch: check rlen in
    src/base/ftobjs.c.
  - CVE-2010-2808
* SECURITY UPDATE: denial of service via bdf font (LP: #617019)
  - debian/patches-freetype/bug30135.patch: don't modify value in static
    string in src/bdf/bdflib.c.

28. By Marc Deslauriers on 2010-07-15

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via invalid free
  - debian/patches/CVE-2010-2498.patch: validate number of points in
    src/pshinter/pshalgo.c.
  - CVE-2010-2498
* SECURITY UPDATE: arbitrary code execution via buffer overflow
  - debian/patches/CVE-2010-2499.patch: check positions and return code
    in src/base/ftobjs.c.
  - CVE-2010-2499
* SECURITY UPDATE: arbitrary code execution via integer overflow
  - debian/patches/CVE-2010-2500.patch: switch to unsigned in
    src/smooth/ftgrays.c, check signed width and height in
    src/smooth/ftsmooth.c.
  - CVE-2010-2500
* SECURITY UPDATE: arbitrary code execution via heap buffer overflow
  - debian/patches/CVE-2010-2519.patch: correctly calculate length in
    src/base/ftobjs.c.
  - CVE-2010-2519
* SECURITY UPDATE: arbitrary code execution via invalid realloc
  - debian/patches/CVE-2010-2520.patch: perform bounds checking in
    src/truetype/ttinterp.c.
  - CVE-2010-2520
* SECURITY UPDATE: arbitrary code execution via buffer overflows
  - debian/patches/CVE-2010-2527.patch: change buffer sizes in
    src/{ftdiff,ftgrid,ftmulti,ftstring,ftview}.c.
  - CVE-2010-2527

27. By Mario Limonciello on 2009-12-01

Revert last change. I really did have a FTBFS that "looked" like this
was the cause, but it's actually something else that dropped it's
dependency on libfreetype6-dev.

26. By Mario Limonciello on 2009-11-29

* debian/libfreetype6.files:
  - Correct an extra period that was placed causing other packages to
    FTBFS when linking against freetype.

25. By Steve Langasek on 2009-10-12

* New upstream release
  - drop debian/patches-freetype/proper-armel-asm-declaration.patch and
    debian/patches-freetype/CVE-2009-0946.patch, applied upstream.
  - new symbol tt_cmap13_class_rec added to the symbols table, bump the
    shlibs.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/freetype
This branch contains Public information 
Everyone can see this information.

Subscribers