Source: freetype
Severity: grave
Tags: security
Justification: user security hole

Hi,

the following vulnerabilities were published for freetype.

CVE-2012-5670[0]:
Out-of-bounds write in _bdf_parse_glyphs

CVE-2012-5669[1]:
Out-of-bounds read in _bdf_parse_glyphs

CVE-2012-5668[2]:
NULL Pointer Dereference in bdf_free_font

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-5670
    https://savannah.nongnu.org/bugs/?37907
[1] http://security-tracker.debian.org/tracker/CVE-2012-5669
    https://savannah.nongnu.org/bugs/?37906
[2] http://security-tracker.debian.org/tracker/CVE-2012-5668
    https://savannah.nongnu.org/bugs/?37905

Please adjust the affected versions in the BTS as needed.

Note I'm only reporting these issues reported in [3] to the BTS.

[3] http://www.openwall.com/lists/oss-security/2012/12/25/1

Regards,
Salvatore

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash