[Secure-testing-team] Bug#696691: freetype: multiple vulnerabilities in freetype before 2.4.11
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 25 23:32:13 UTC 2012
Source: freetype
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following vulnerabilities were published for freetype.
CVE-2012-5670[0]:
Out-of-bounds write in _bdf_parse_glyphs
CVE-2012-5669[1]:
Out-of-bounds read in _bdf_parse_glyphs
CVE-2012-5668[2]:
NULL Pointer Dereference in bdf_free_font
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-5670
https://savannah.nongnu.org/bugs/?37907
[1] http://security-tracker.debian.org/tracker/CVE-2012-5669
https://savannah.nongnu.org/bugs/?37906
[2] http://security-tracker.debian.org/tracker/CVE-2012-5668
https://savannah.nongnu.org/bugs/?37905
Please adjust the affected versions in the BTS as needed.
Note I'm only reporting these issues reported in [3] to the BTS.
[3] http://www.openwall.com/lists/oss-security/2012/12/25/1
Regards,
Salvatore
- -- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash