Debian Bug report logs -
#856971
freetype: CVE-2016-10244
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 6 Mar 2017 19:24:01 UTC
Severity: important
Tags: patch, security, upstream
Found in version freetype/2.5.2-3
Fixed in versions freetype/2.6.3-3.1, freetype/2.5.2-3+deb8u2, freetype/2.7.1-0.1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#856971; Package src:freetype.
(Mon, 06 Mar 2017 19:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>.
(Mon, 06 Mar 2017 19:24:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: freetype
Version: 2.5.2-3
Severity: important
Tags: security patch upstream
Hi,
the following vulnerability was published for freetype.
CVE-2016-10244[0]:
| The parse_charstrings function in type1/t1load.c in FreeType 2 before
| 2.7 does not ensure that a font contains a glyph name, which allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read) or possibly have unspecified other impact via a crafted
| file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244
[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
Regards,
Salvatore
Added tag(s) pending.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Sun, 12 Mar 2017 13:39:05 GMT) (full text, mbox, link).
Reply sent
to Laurent Bigonville <bigon@debian.org>:
You have taken responsibility.
(Sun, 26 Mar 2017 09:06:08 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sun, 26 Mar 2017 09:06:08 GMT) (full text, mbox, link).
Message #12 received at 856971-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.7.1-0.1
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laurent Bigonville <bigon@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 11 Mar 2017 08:25:00 +0100
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.7.1-0.1
Distribution: experimental
Urgency: medium
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Laurent Bigonville <bigon@debian.org>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 837800 841029 856971
Changes:
freetype (2.7.1-0.1) experimental; urgency=medium
.
* Non-maintainer upload.
* New upstream release (Closes: #837800)
- debian/patches-freetype, debian/patches-ft2demos: Refreshed
- Improve the recursive reference detector (Closes: #841029)
- Fix heap buffer overflow (Closes: #856971 CVE-2016-10244)
* d/p-freetype/Revert-builds-unix-unix-cc.in-LINK_LIBRARY-Use-expor.patch:
Revert upstream commit that added the -export-symbols option to libtool,
we need to review the symbols used in debian before we can hide the
private one.
* debian/libfreetype6.symbols: Make any application depending on private
symbols depend against an invalid package, this will help us to find out
which packages (if any) are abusing the API.
* debian/control: Remove duplicate Section to please lintian
* debian/control: Bump Standards-Version 3.9.8 (no further changes)
Checksums-Sha1:
fd1b5ff710d15cbc8f1c492fac0dbb2af5cab210 1812 freetype_2.7.1-0.1.dsc
ee5168a2fc32c1a99e14568a8b49bbbd3257bfca 4174317 freetype_2.7.1.orig.tar.gz
a942cf7efe9450d247947952ccf4630f3579f6da 39348 freetype_2.7.1-0.1.diff.gz
6a3116f0e01992d791014e46e22ce36e19f548c3 703244 freetype2-demos-dbgsym_2.7.1-0.1_amd64.deb
96efe594813f253704042b0927e799c3e32d6fbf 117664 freetype2-demos_2.7.1-0.1_amd64.deb
567143b0c5bf3bb03d728f73d34505f412a158c3 7215 freetype_2.7.1-0.1_amd64.buildinfo
89148d6dfbb99e01e6924cc97795a85065073bab 957332 libfreetype6-dbgsym_2.7.1-0.1_amd64.deb
4f28c98da798f54a915149578d3308d627ebf689 2635348 libfreetype6-dev_2.7.1-0.1_amd64.deb
e5f78d17e2bb2801bcafb960531ba67b8b90962f 311296 libfreetype6-udeb_2.7.1-0.1_amd64.udeb
b06bfaa98b4708f182b70a7f4e1139952e7f38e1 432426 libfreetype6_2.7.1-0.1_amd64.deb
Checksums-Sha256:
f2f5ea17a0d8ab639343c82167743b17425ce10da8e94858193d22d9ee27a224 1812 freetype_2.7.1-0.1.dsc
16739536b9a705f5984ab439323bff6689f41b90a2962ceb20564d23141524f1 4174317 freetype_2.7.1.orig.tar.gz
3ca28d8a4916d5cec0adbab9f7fdeed214c8eff855f0bca70f4d5c7e41751cae 39348 freetype_2.7.1-0.1.diff.gz
5d3bf69523fce4b223eb327ee86324ffbadb9bfac6316d7904acf42a934ef865 703244 freetype2-demos-dbgsym_2.7.1-0.1_amd64.deb
22e00722c1a3af598c8d081feadcafc8bb60deb38bbd09a3647540b9e557d4fe 117664 freetype2-demos_2.7.1-0.1_amd64.deb
f581a41c098b974d4a80949f3f77420e7b73b40b128910a21ed686592f605df8 7215 freetype_2.7.1-0.1_amd64.buildinfo
a84f7b9bd21f91f42339881956d7bd62a775cec1e8f063dea9fd926e48dd4e27 957332 libfreetype6-dbgsym_2.7.1-0.1_amd64.deb
64cbeabd30e36b0d8f55be6d3ad565bc3f833dd2a8bb44f1b07afb419aa2e4e4 2635348 libfreetype6-dev_2.7.1-0.1_amd64.deb
4ac2fa87647b74b4a8e9b27592be4a82ed66eacd571276de64a77d83fe24e9f7 311296 libfreetype6-udeb_2.7.1-0.1_amd64.udeb
a70432bfe3b8307ae7f5da47961b95337a4b7f1ea0d28dce6ed005eadeb3a260 432426 libfreetype6_2.7.1-0.1_amd64.deb
Files:
bf9e66216740d4217714505fdf37ed34 1812 libs optional freetype_2.7.1-0.1.dsc
75950b914571f0fe877e96028da4173c 4174317 libs optional freetype_2.7.1.orig.tar.gz
bcdb442332ad68422bd1879c124de6d1 39348 libs optional freetype_2.7.1-0.1.diff.gz
12c5be0e4fcd89a9451c64ce63d1cae0 703244 debug extra freetype2-demos-dbgsym_2.7.1-0.1_amd64.deb
36a07163f482c6f87d6594cb05c5566e 117664 utils optional freetype2-demos_2.7.1-0.1_amd64.deb
472fe7fc0d5814face4533b73d1deeb3 7215 libs optional freetype_2.7.1-0.1_amd64.buildinfo
46507558e133a2dcb760009ba17ea40f 957332 debug extra libfreetype6-dbgsym_2.7.1-0.1_amd64.deb
50d12fc0bb8d644f3e7b7b9cdbc7e15f 2635348 libdevel optional libfreetype6-dev_2.7.1-0.1_amd64.deb
42cd270055e039409d0bc6631c2fe6f6 311296 debian-installer extra libfreetype6-udeb_2.7.1-0.1_amd64.udeb
e9e0adbb6e2ceb3094ac97219d86492e 432426 libs optional libfreetype6_2.7.1-0.1_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAljDp3kPHGJpZ29uQGJp
Z29uLmJlAAoJEB/FiR66sEPVjjEIAIsZdD6slSYPW3X1rWGCFow9I4P9Tzjjw1NA
4KEhV8lq7Cx1uD23mXOvc6lxOowxjSNqaTRCvSqsOh48+vw+CwRFtDew7g4pc3Eh
SY3SG4nHdvLEmwl/8+9s5UpaITqOeHphQqM1u+w4zufEwem3HuzqYZl8ydrrKc5N
A9jm3cLHguk9wfjprYQvO8empRjrF6FTk2I6oYo1SuGZC4lmrSEWsrv8kI7bgwkM
+E6wE7Uautw3lUfwRolggqjnevFEzk7QBh04LcqG1EA833PoFEIVX/ngdPDAGYSd
2Vyzs6t5tgQXOqsnAjFwhXowm27BLCF7/NcqZEXEMpbgFB9tZQQ=
=lgL2
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, jmm@debian.org, bonaccos@ee.ethz.ch, Steve Langasek <vorlon@debian.org>:
Bug#856971; Package src:freetype.
(Thu, 30 Mar 2017 17:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to jmm@debian.org, bonaccos@ee.ethz.ch, Steve Langasek <vorlon@debian.org>.
(Thu, 30 Mar 2017 17:30:03 GMT) (full text, mbox, link).
Message #17 received at 856971@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 856971 + pending
Dear maintainer,
I've prepared an NMU for freetype (versioned as 2.6.3-3.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I should
delay it longer or if I can reschedule it to upload earlier.
Regards,
Salvatore
[freetype-2.6.3-3.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 856971-submit@bugs.debian.org.
(Thu, 30 Mar 2017 17:30:03 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 04 Apr 2017 17:51:10 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 04 Apr 2017 17:51:10 GMT) (full text, mbox, link).
Message #24 received at 856971-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.6.3-3.1
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 30 Mar 2017 19:16:33 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.6.3-3.1
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 856971
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.6.3-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2016-10244: Heap-buffer-overflow
src/type1/t1load.c (parse_charstrings): Reject fonts that don't contain
glyph names. (Closes: #856971)
Package-Type: udeb
Checksums-Sha1:
40c2280c964f16bdff145c40d5166349e08ce2fd 2292 freetype_2.6.3-3.1.dsc
b2676d0808ad55076ec4b33ce0ec7b2815569a98 38955 freetype_2.6.3-3.1.diff.gz
Checksums-Sha256:
68fe770dd2f3e9cb5cfe9d81ee3c14da5bd1d0ae4664cfe85f553ce21793e406 2292 freetype_2.6.3-3.1.dsc
26b01410c4a9a41e8f35d85cc1bbd175338a0963ad1a2b9a48ad875ba0d4a994 38955 freetype_2.6.3-3.1.diff.gz
Files:
2ef7f67c787c004476a92fc5ade81e49 2292 libs optional freetype_2.6.3-3.1.dsc
4dd631e8ef4065ca0a2bff8044a04cf9 38955 libs optional freetype_2.6.3-3.1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljdPyFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EukYQAI6zxtWoeSpz+yKOojcLWD6fobrTX5ix
lWdAHuo7H+EmGDMzQkKjLjgNaKPe6kx0jPPv8uVX6NmsThWnrVodyb4swIVOheJk
Fwp+ALXhxEaN8HqBXhdYixyXJHTNyB3xTV1N38fVig12KpelEG5vV46P7CAyV2Aj
8ii1xs90j1skmN/zWhwBI889hDLvmQzpn4T0GC3+i5zX8P0rNfUKwVZw4Wd98+PU
QMvdZhcewiDNDOJtvzwCQInJTHX4g4jkxb9D58wphX+NeXAjxVo7mNMLPVXDk5mF
qIGF05ISpjGcieiwDgqzrV9SXCS3wHNjJwgDGPU/8ZrlJBXTLx67ahEWGR0PVYJr
dd8W9l1JtGgMPXNYtJz/3RfvbBwo18cB5FGMfIieO7cSZLVWzJ+j6yMzwdCwQraD
Isa0qmQW5TnQwuXxzioOgJ94CIsgqumdbXXRSf8UyBnO3RwedP1eWryBMTO0TbB1
ud7zMBorpNaDQV02VfqDZk58OlN3MpzJ7qHcKkb+5O7g7ZtBhV/EenwqMCHhMzWk
3b0VptIGSqXR+EH7QW/UWPCkTdlk6zShZ6VMVCD5KgzKJ7aisM6KZQvwpZFJguK8
RRh8Lk2ckYgOAQ4i6Na3EZoFT+X0ity9FOD9LxWvE+DA+zBSAF2wQJSxhyHgen/O
vDhySMI6pZD0
=yRBZ
-----END PGP SIGNATURE-----
Marked as fixed in versions freetype/2.5.2-3+deb8u2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Fri, 21 Apr 2017 15:57:03 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 29 Apr 2017 13:36:04 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 29 Apr 2017 13:36:04 GMT) (full text, mbox, link).
Message #31 received at 856971-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.5.2-3+deb8u2
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Apr 2017 12:05:02 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.5.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 856971 861220 861308
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.5.2-3+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Moritz Mühlenhoff ]
* CVE-2016-10244 (Closes: #856971)
.
[ Salvatore Bonaccorso ]
* [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
* t1_builder_close_contour: Add safety guard (CVE-2017-8287)
(Closes: #861308)
Package-Type: udeb
Checksums-Sha1:
ab498f8ec8aab60d331b85c5ce9897209e4dc93f 2283 freetype_2.5.2-3+deb8u2.dsc
0ae3785e031a0d46e430ab42ee2eaf4a7091c3a5 70170 freetype_2.5.2-3+deb8u2.diff.gz
Checksums-Sha256:
e63b0cc18482fe5971880271c2dbacd6957288608fef8c40fe127db79a9008dd 2283 freetype_2.5.2-3+deb8u2.dsc
0247f57efcb83b208fc1967520a53ecf21c5aca9ee2c433238914622e6938259 70170 freetype_2.5.2-3+deb8u2.diff.gz
Files:
0282d8e1dd99197f4b9b1023f92cec6d 2283 libs optional freetype_2.5.2-3+deb8u2.dsc
7ff276dc4d6efbb47ad1d6bcd7787679 70170 libs optional freetype_2.5.2-3+deb8u2.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkB2O9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFF4P/jeyi0TXZIS3iw/6ftsRd97XqWeZ4G+/
PuRgw8Cwdo4uGpv0rI9EmJtBcInNSnmixiQEEo6SuiVJ9t8sWPSBadASQGr3WHSJ
wvdt0RujodUJy+c1o3Q/pEqmIwPr68B1p5b8oAEJol1nemvVssxCPZzsdp0fEWBS
HpEk52pR4c4EBStipJrPcEcfXfruAHmFRxvzLxQmi1SAEt2ldGEMVaj4MvDu8Ky5
Rm70pTd8sSSV+qk2r59Cwv21DheMTDaWT7Vh6+9yu7E+UXuG7X2Ns0UcgZqpSLCj
sgyyIHpK26duZzCdOBni3V9BIe0JLlET+yR9kqBBAY1kXKZRX3bXOZQN6x1rjBjS
tx8vh4QxH7h+c+OC5xEJK+7Umi+L8TMIC+eHL0ZjlZXBBQ4lAC2FJpva4Cc9YqFN
CXBM/vbIEaBGCcKr3nUFaruRZNAlomHVxlo7E/OkfdzXerYrAcO0aLNg1RzEmVgG
+gzHvq3wFceZf0i1Qf3vKn1tMauFMjUgJFlpAYdk/9+sa/tA4pjdFU2Lm4+/ED8W
PE+L2dPqEhsvmx4YinhhYr4cNBb1NDc9q1zJe/oLTH5c6t4PNB6gSjHjE6xsgnm5
Ll6vch4fCYHZuldr+rM+sV6eER4ArnGbKZ1Tl7xH2eR4sfe39qUAjPrP5OXw8oUj
oscqQJ72WLIW
=BlJJ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 28 May 2017 07:28:43 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:53:48 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon