← Back to team overview

touch-packages team mailing list archive

[Bug 1449225] Re: Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

 

** Information type changed from Private Security to Public Security

** Also affects: freetype (Ubuntu Wily)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: freetype (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Changed in: freetype (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Utopic)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Vivid)
       Status: New => Confirmed

** Changed in: freetype (Ubuntu Wily)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/1449225

Title:
  Backport #41309 ( 8b281f83e ) to fix use of uninitialized data.

Status in freetype package in Ubuntu:
  Confirmed
Status in freetype source package in Precise:
  Confirmed
Status in freetype source package in Trusty:
  Confirmed
Status in freetype source package in Utopic:
  Confirmed
Status in freetype source package in Vivid:
  Confirmed
Status in freetype source package in Wily:
  Confirmed

Bug description:
  FreeType issue https://savannah.nongnu.org/bugs/?41309 was fixed with
  http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  . This change is not in any of the current FreeType packages (Precise
  freetype 2.4.8-1ubuntu2.2 nor Trusty freetype 2.5.2-1ubuntu2.4 ). This
  is a fix for a few use of uninitialized data bugs which were found by
  msan, and is in FreeType 2.5.3 (but comes after 2.5.2).

  This is a request to backport
  http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
  to all currently supported packages of FreeType, as all of them appear
  to be affected. Since this fixes reads of uninitialized memory in a
  widely used package, I'm marking this as a security related issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1449225/+subscriptions