touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #101618
[Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
This bug was fixed in the package freetype - 2.5.2-2ubuntu3.1
---------------
freetype (2.5.2-2ubuntu3.1) vivid-security; urgency=medium
* SECURITY UPDATE: uninitialized memory reads (LP: #1449225)
- debian/patches-freetype/savannah-bug-41309.patch: fix use of
uninitialized data in src/cid/cidload.c, src/psaux/psobjs.c,
src/type1/t1load.c, src/type42/t42parse.c.
- No CVE number
* SECURITY UPDATE: denial of service via infinite loop in parse_encode
(LP: #1492124)
- debian/patches-freetype/savannah-bug-41590.patch: protect against
invalid charcode in src/type1/t1load.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Thu, 10 Sep 2015
07:07:57 -0400
** Changed in: freetype (Ubuntu Vivid)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225
Title:
Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.
Status in freetype package in Ubuntu:
Fix Released
Status in freetype source package in Precise:
Confirmed
Status in freetype source package in Trusty:
Confirmed
Status in freetype source package in Utopic:
Confirmed
Status in freetype source package in Vivid:
Fix Released
Status in freetype source package in Wily:
Fix Released
Bug description:
FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
. This change is not in any of the current FreeType packages (Precise
freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
is a fix for a few use of uninitialized data bugs which were found by
msan, and is in FreeType 2.5.3 (but comes after 2.5.2).
This is a request to backport
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
to all currently supported packages of FreeType, as all of them appear
to be affected. Since this fixes reads of uninitialized memory in a
widely used package, I'm marking this as a security related issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions