ubuntu/+source/freetype:ubuntu/trusty-security

Last commit made on 2017-05-09
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/freetype
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-security
Repository:
lp:ubuntu/+source/freetype

Recent commits

5ab0ecb... by Marc Deslauriers on 2017-05-04

Import patches-unapplied version 2.5.2-1ubuntu2.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 8a48ffda6d6d180251fbac777009ad1f5f22e5e5

New changelog entries:
  * SECURITY UPDATE: out-of-bounds write in t1_decoder_parse_charstrings
    - debian/patches-freetype/CVE-2017-8105.patch: add a check to
      src/psaux/t1decode.c.
    - CVE-2017-8105
  * SECURITY UPDATE: out-of-bounds write in t1_builder_close_contour
    - debian/patches-freetype/CVE-2017-8287.patch: add a check to
      src/psaux/psobjs.c.
    - CVE-2017-8287

8a48ffd... by Steve Beattie on 2017-04-19

Import patches-unapplied version 2.5.2-1ubuntu2.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 5b19595b0fad8360130f227b2e807af2f8aa7df3

New changelog entries:
  * SECURITY UPDATE: heap based buffer overflow in cff_parser_run()
    - debian/patches-freetype/CVE-2016-10328.patch: add additional check
      to parser stack size in src/cff/cffparse.c
    - CVE-2016-10328

5b19595... by Marc Deslauriers on 2017-03-16

Import patches-unapplied version 2.5.2-1ubuntu2.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: ba73921d8ac704d96e561206cf21f9ec6a353a61

New changelog entries:
  * SECURITY UPDATE: DoS and possible code execution via missing glyph name
    - debian/patches/CVE-2016-10244.patch: add check to src/type1/t1load.c.
    - CVE-2016-10244

ba73921... by Marc Deslauriers on 2015-09-10

Import patches-unapplied version 2.5.2-1ubuntu2.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9138203cbd9ebb27cee26ae0281a4d322e438630

New changelog entries:
  * SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
    - debian/patches-freetype/savannah-bug-41309.patch: fix use of
      uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
      src/type1/t1load.c, src/type42/t42parse.c.
    - No CVE number
  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

9138203... by Marc Deslauriers on 2015-02-24

Import patches-unapplied version 2.5.2-1ubuntu2.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6f50ea86419a3a1fee946f69907740d8abe8055f

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple security issues
    - debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
      quantity of upstream commits to fix multiple security issues.
    - CVE-2014-9656
    - CVE-2014-9657
    - CVE-2014-9658
    - CVE-2014-9659
    - CVE-2014-9660
    - CVE-2014-9661
    - CVE-2014-9662
    - CVE-2014-9663
    - CVE-2014-9664
    - CVE-2014-9665
    - CVE-2014-9666
    - CVE-2014-9667
    - CVE-2014-9668
    - CVE-2014-9669
    - CVE-2014-9670
    - CVE-2014-9671
    - CVE-2014-9672
    - CVE-2014-9673
    - CVE-2014-9674
    - CVE-2014-9675

6f50ea8... by Marco Trevisan (TreviƱo) on 2015-01-23

Import patches-unapplied version 2.5.2-1ubuntu2.3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1a1685f384cc4f5ead5ed0ac0e40517f72a86879

New changelog entries:
  * Added patchset to fix multithread violations, LP: #1199571
    - debian/patches-freetype/multi-thread-violations.patch

1a1685f... by Jinkyu Yi on 2014-04-27

Import patches-unapplied version 2.5.2-1ubuntu2.2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: d4897ec39666aad365507dcd9c62f2b121307927

New changelog entries:
  * Fix incorrect Korean Fonts rendering. (LP: #1310017)
    - debian/patches-freetype/fix-incorrect-korean-fonts-rendering.patch

d4897ec... by Iain Lane on 2014-05-01

Import patches-unapplied version 2.5.2-1ubuntu2.1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: df942c22aaa7166bb706f6dc47122537b4c9666b

New changelog entries:
  * debian/patches-freetype/0001-Fix-Savannah-bug-40997.patch: Cherry-pick
    upstream patch to fix a double free. (LP: #1310728)

df942c2... by Marc Deslauriers on 2014-03-13

Import patches-unapplied version 2.5.2-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 5b125de6e06936e049e93ef1ff4e72e8d3b4afe5

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution in
    CFF rasterizer
    - debian/patches/CVE-2014-2240.patch: validate hintMask in
      src/cff/cf2hints.c.
    - CVE-2014-2240
  * SECURITY UPDATE: denial of service in CFF rasterizer
    - debian/patches/CVE-2014-2241.patch: don't trigger asserts in
      src/cff/cf2ft.c.
    - CVE-2014-2241

5b125de... by Steve Langasek on 2013-12-29

Import patches-unapplied version 2.5.2-1ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: a5a137006c02461b219e7af2464799a18c86a0a0

New changelog entries:
  * Merge from Debian unstable, remaining changes:
    - debian/patches-freetype/revert_scalable_fonts_metric.patch:
      revert commit "Fix metrics on size request for scalable fonts.",
      which breaks gtk underlining markups
  * Dropped changes, included in Debian:
    - Fix png configuration for cross builds.
    - Run aclocal and autoconf.