-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.0 Source: freetype Binary: libfreetype6, libfreetype6-dev, freetype2-demos, libfreetype6-udeb Architecture: any Version: 2.5.2-3 Maintainer: Steve Langasek <[email protected]> Uploaders: Anthony Fok <[email protected]>, Keith Packard <[email protected]> Homepage: http://www.freetype.org Standards-Version: 3.9.6 Build-Depends: bzip2, debhelper (>= 9), docbook-to-man, gettext (>= 0.10.36-2), libx11-dev, x11proto-core-dev, libz-dev, quilt, libpng-dev, autoconf, automake, libtool Package-List: freetype2-demos deb utils optional arch=any libfreetype6 deb libs optional arch=any libfreetype6-dev deb libdevel optional arch=any libfreetype6-udeb udeb debian-installer extra arch=any Checksums-Sha1: cd585a224b742e769f4b14a8028b5d0889474a82 1971155 freetype_2.5.2.orig.tar.gz 0461db9903ba3cf76d8fb0c05589393f3bad6e37 65772 freetype_2.5.2-3.diff.gz Checksums-Sha256: 5fda4996e43cfdf9b602a0eb5abde014f1a3c3b2d82bbb9b86942011c63f5c3a 1971155 freetype_2.5.2.orig.tar.gz 3370204972ae5df8c0035dd0f473eee6cb461b85518c3155fc8ab062882b4bbd 65772 freetype_2.5.2-3.diff.gz Files: cd5d3efcc73e221e68992b7b062d77ac 1971155 freetype_2.5.2.orig.tar.gz f08c158f41e2e5e4d8ba23e98aa05e6f 65772 freetype_2.5.2-3.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVPFLYtsiGmkAAAARAQhGIhAAoUBg/8Gl8d2GbKKH55YZ7MCSpVvrdC6b jlhJidmgVgSniITsTIj/jwWQl+HqPfMFkMAv4TkwHsHtQQdK4kE99yI5mH4LFo3y q1pZjbvfqOD1lXyGVmeaeznAf2Cgk7i6qb9vHOc2gb8OLSWhTfohs/VGY2MgMftX 22blQYrVH+wNGtpmO/ilF4GZsKKY0eJ3hm7pMqRtBG4ewSIWgrT+RnJFm+Te8PhY 1Xo8mhSUBGJfdBVARf9fk9OOqamdOT5PftsKLV11QCeIkpTvHHm6H4oyrfHGHnKQ Mr6G1eKAxsFB3LMx6JzxjFwdPiBLFXtjokhF0T8v5kKL/h3Fp/oUcvtgE09G+wmq 5VJ5QdR3qjFLSyC1/qdeh2uGJZt2eIZYcBqZ8m0zFSgoGIxBof8pefTExOWoZu9i F4QxaJ6fD3n6efu/YgbRtw/L5cdgSgC+vlXPS4u9LhO1gp1SuG8BvLOsgCXm8gSd GQWInVyDM4cd3yrdi0SH+/FX40L3Brd+TbDfRhhaYu5a5Zz6R/5qBWfaCJuLTNox gQVueve3f6CU1y5/tEug5cKoLSbmKPIJqziVld/nWIEgZ2beaMgWb7Gn7eQQ7peN DmrrQ1lKtuUhL+xsQDNLRlCroyEt1qCjJbQaS/Cuz0cMXF31IxmHUQo1Drjjs3Eo zKLb7wgKQJA= =qvs7 -----END PGP SIGNATURE----- Changes: freetype (2.5.2-3) unstable; urgency=medium * Fix Savannah bug #43535. CVE-2014-9675 * [bdf] Fix Savannah bug #41692. CVE-2014-9675-fixup-1 * src/base/ftobj.c (Mac_Read_POST_Resource): Additional overflow check in the summation of POST fragment lengths. CVE-2014-0674-part-2 * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold too long tracing messages. CVS-2014-9674-fixup-2 * src/base/ftobjs.c (Mac_Read_POST_Resource): Use unsigned long variables to read the lengths in POST fragments. CVE-2014-9674-fixup-1 * Fix Savannah bug #43538. CVE-2014-9674-part-1 * Fix Savannah bug #43539. CVE-2014-9673 * src/base/ftobjs.c (Mac_Read_POST_Resource): Avoid memory leak by a broken POST table in resource-fork. CVE-2014-9673-fixup * Fix Savannah bug #43540. CVE-2014-9672 * Fix Savannah bug #43547. CVE-2014-9671 * Fix Savannah bug #43548. CVE-2014-9670 * [sfnt] Fix Savannah bug #43588. CVE-2014-9669 * [sfnt] Fix Savannah bug #43589. CVE-2014-9668 * [sfnt] Fix Savannah bug #43590. CVE-2014-9667 * [sfnt] Fix Savannah bug #43591. CVE-2014-9666 * Change some fields in `FT_Bitmap' to unsigned type. CVE-2014-9665 * Fix uninitialized variable warning. CVE-2014-9665-fixup-2 * Make `FT_Bitmap_Convert' correctly handle negative `pitch' values. CVE-2014-9665-fixup * [type1, type42] Fix Savannah bug #43655. CVE-2014-9664 * [sfnt] Fix Savannah bug #43656. CVE-2014-9663 * [cff] Fix Savannah bug #43658. CVE-2014-9662 * [type42] Allow only embedded TrueType fonts. CVE-2014-9661 * [bdf] Fix Savannah bug #43660. CVE-2014-9660 * [cff] Fix Savannah bug #43661. CVE-2014-9659 * [sfnt] Fix Savannah bug #43672. CVE-2014-9658 * [truetype] Fix Savannah bug #43679. CVE-2014-9657 * [sfnt] Fix Savannah bug #43680. CVE-2014-9656 * All CVEs patched. Closes: #777656. -- Keith Packard <[email protected]> Mon, 23 Feb 2015 22:04:36 -0800
