← Back to team overview

touch-packages team mailing list archive

[Bug 1492124] Re: infinite loop in parse_encoding (t1load.c)

 

This bug was fixed in the package freetype - 2.5.2-4ubuntu2

---------------
freetype (2.5.2-4ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: denial of service via infinite loop in parse_encode
    (LP: #1492124)
    - debian/patches-freetype/savannah-bug-41590.patch: protect against
      invalid charcode in src/type1/t1load.c.
    - No CVE number

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 10 Sep 2015
07:05:53 -0400

** Changed in: freetype (Ubuntu Wily)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1492124

Title:
  infinite loop in parse_encoding (t1load.c)

Status in FreeType:
  Unknown
Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Precise:
  Fix Released
Status in freetype source package in Trusty:
  Fix Released
Status in freetype source package in Vivid:
  Fix Released
Status in freetype source package in Wily:
  Fix Released

Bug description:
  Ubuntu 14.04's libfreetype has not been patched with the fix for [1], thus applications that use libfreetype6 are vulnerable to infinite loops. e.g. Chromium / Google Chrome. [2] If you add a small patch to apply freetype commit 
  df14e6 [3], that should fix the problem. I verified this locally.

  I have not checked other Ubuntu releases to see if they are affected.

  [1] http://savannah.nongnu.org/bugs/index.php?41590
  [2] https://code.google.com/p/chromium/issues/detail?id=459050
  [3] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75

To manage notifications about this bug go to:
https://bugs.launchpad.net/freetype/+bug/1492124/+subscriptions


References