-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/10/2010 23:03, Stefan Fritsch wrote:
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-2116-1                  secur...@debian.org
> http://www.debian.org/security/                          Stefan Fritsch
> October 4, 2010                       http://www.debian.org/security/faq
> ------------------------------------------------------------------------
>
> Package        : freetype
> Vulnerability  : integer overflow
> Problem type   : local (remote)
> Debian-specific: no
> CVE Id(s)      : CVE-2010-3311
>
> Marc Schoenefeld has found an input stream position error in the
> way the FreeType font rendering engine processed input file streams.
> If a user loaded a specially-crafted font file with an application
> linked against FreeType and relevant font glyphs were subsequently
> rendered with the X FreeType library (libXft), it could cause the
> application to crash or, possibly execute arbitrary code.
>
> After the upgrade, all running applications and services that use
> libfreetype6 should be restarted. In most cases, logging out and
> in again should be enough. The script checkrestart from the
> debian-goodies package or lsof may help to find out which
> processes are still using the old version of libfreetype6.
>
> For the stable distribution (lenny), these problems have been fixed in
> version 2.3.7-2+lenny4.
>
> The testing distribution (squeeze) and the unstable distribution (sid)
> are not affected by this problem.
>
> We recommend that you upgrade your freetype packages.

Hello,
I just ran the update via aptitude, and apt-listbugs reported the package as
affected by bug #592399 [1]. Aptitude installed 2.3.7-2+lenny4, and that
version is not marked as bug-free in the bug report page.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592399

- -- 
Davide Mirtillo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyqzkoACgkQKhoNWaTioeYUrwCeMl8KWyrfw7uV1P2pPGVv62L7
WaQAn2+2JuyBgbGG3tgyoD6ywos4p4TW
=eOvX
-----END PGP SIGNATURE-----
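
The quoted advisory asks for every process still using the old libfreetype6 to be restarted after the upgrade. The script below is an added example, not part of the advisory or of this reply: it reads `/proc/<pid>/maps` on Linux and reports processes whose libfreetype mapping the kernel marks as `(deleted)`, which is what a replaced library file looks like to a process started before the upgrade. The function names and the sample mapping lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a replaced libfreetype.
# Assumes Linux /proc; run as root to see other users' processes.

# stale_lib_mapped LIB: read maps-format text on stdin and return 0 if a
# mapping whose path contains LIB is tagged "(deleted)" by the kernel.
stale_lib_mapped() {
    awk -v lib="$1" '
        index($0, lib) && index($0, " (deleted)") { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# scan_procs [LIB]: print "pid<TAB>command line" for each process that
# still has the old file mapped. Unreadable or vanished PIDs are skipped.
scan_procs() {
    lib="${1:-libfreetype}"
    for maps in /proc/[0-9]*/maps; do
        if cat "$maps" 2>/dev/null | stale_lib_mapped "$lib"; then
            pid="${maps#/proc/}"
            pid="${pid%/maps}"
            cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
            printf '%s\t%s\n' "$pid" "$cmd"
        fi
    done
}

# Constructed sample: a process started before the upgrade.
sample_stale() {
    cat <<'EOF'
7f3a1c000000-7f3a1c07a000 r-xp 00000000 08:01 131090 /usr/lib/libfreetype.so.6.3.18 (deleted)
7f3a1c400000-7f3a1c55a000 r-xp 00000000 08:01 131201 /lib/libc-2.7.so
EOF
}

# Constructed sample: a process restarted after the upgrade.
sample_fresh() {
    cat <<'EOF'
7f9b20000000-7f9b2007a000 r-xp 00000000 08:01 140233 /usr/lib/libfreetype.so.6.3.18
7f9b20400000-7f9b2055a000 r-xp 00000000 08:01 131201 /lib/libc-2.7.so
EOF
}

# Usage: sh script.sh --scan [libname]
if [ "${1:-}" = "--scan" ]; then
    scan_procs "${2:-libfreetype}"
fi
```

An empty result from `--scan` means no readable process still maps the old file; without root, processes owned by other users are not inspected.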