Debian Bug report logs -
#861220
freetype: CVE-2017-8105
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Apr 2017 06:24:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in versions freetype/2.5.2-3, freetype/2.7.1-0.1
Fixed in versions freetype/2.6.3-3.2, freetype/2.5.2-3+deb8u2, freetype/2.8-0.1
Done: Laurent Bigonville <bigon@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#861220; Package src:freetype.
(Wed, 26 Apr 2017 06:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>.
(Wed, 26 Apr 2017 06:24:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: freetype
Version: 2.5.2-3
Severity: important
Tags: upstream patch security
Hi,
the following vulnerability was published for freetype.
CVE-2017-8105[0]:
| FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a
| heap-based buffer overflow related to the t1_decoder_parse_charstrings
| function in psaux/t1decode.c.
It is fixed by the upstream commit [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
Regards,
Salvatore
Severity set to 'grave' from 'important'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 27 Apr 2017 06:15:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#861220; Package src:freetype.
(Thu, 27 Apr 2017 19:27:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.
(Thu, 27 Apr 2017 19:27:06 GMT) (full text, mbox, link).
Message #12 received at 861220@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 861220 + pending
Control: tags 861308 + pending
Dear maintainer,
I've prepared an NMU for freetype (versioned as 2.6.3-3.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
[freetype-2.6.3-3.2-nmu.diff (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 861220-submit@bugs.debian.org.
(Thu, 27 Apr 2017 19:27:06 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 29 Apr 2017 13:36:06 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 29 Apr 2017 13:36:06 GMT) (full text, mbox, link).
Message #19 received at 861220-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.5.2-3+deb8u2
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861220@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Apr 2017 12:05:02 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.5.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 856971 861220 861308
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.5.2-3+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Moritz Mühlenhoff ]
* CVE-2016-10244 (Closes: #856971)
.
[ Salvatore Bonaccorso ]
* [psaux] Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
* t1_builder_close_contour: Add safety guard (CVE-2017-8287)
(Closes: #861308)
Package-Type: udeb
Checksums-Sha1:
ab498f8ec8aab60d331b85c5ce9897209e4dc93f 2283 freetype_2.5.2-3+deb8u2.dsc
0ae3785e031a0d46e430ab42ee2eaf4a7091c3a5 70170 freetype_2.5.2-3+deb8u2.diff.gz
Checksums-Sha256:
e63b0cc18482fe5971880271c2dbacd6957288608fef8c40fe127db79a9008dd 2283 freetype_2.5.2-3+deb8u2.dsc
0247f57efcb83b208fc1967520a53ecf21c5aca9ee2c433238914622e6938259 70170 freetype_2.5.2-3+deb8u2.diff.gz
Files:
0282d8e1dd99197f4b9b1023f92cec6d 2283 libs optional freetype_2.5.2-3+deb8u2.dsc
7ff276dc4d6efbb47ad1d6bcd7787679 70170 libs optional freetype_2.5.2-3+deb8u2.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkB2O9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFF4P/jeyi0TXZIS3iw/6ftsRd97XqWeZ4G+/
PuRgw8Cwdo4uGpv0rI9EmJtBcInNSnmixiQEEo6SuiVJ9t8sWPSBadASQGr3WHSJ
wvdt0RujodUJy+c1o3Q/pEqmIwPr68B1p5b8oAEJol1nemvVssxCPZzsdp0fEWBS
HpEk52pR4c4EBStipJrPcEcfXfruAHmFRxvzLxQmi1SAEt2ldGEMVaj4MvDu8Ky5
Rm70pTd8sSSV+qk2r59Cwv21DheMTDaWT7Vh6+9yu7E+UXuG7X2Ns0UcgZqpSLCj
sgyyIHpK26duZzCdOBni3V9BIe0JLlET+yR9kqBBAY1kXKZRX3bXOZQN6x1rjBjS
tx8vh4QxH7h+c+OC5xEJK+7Umi+L8TMIC+eHL0ZjlZXBBQ4lAC2FJpva4Cc9YqFN
CXBM/vbIEaBGCcKr3nUFaruRZNAlomHVxlo7E/OkfdzXerYrAcO0aLNg1RzEmVgG
+gzHvq3wFceZf0i1Qf3vKn1tMauFMjUgJFlpAYdk/9+sa/tA4pjdFU2Lm4+/ED8W
PE+L2dPqEhsvmx4YinhhYr4cNBb1NDc9q1zJe/oLTH5c6t4PNB6gSjHjE6xsgnm5
Ll6vch4fCYHZuldr+rM+sV6eER4ArnGbKZ1Tl7xH2eR4sfe39qUAjPrP5OXw8oUj
oscqQJ72WLIW
=BlJJ
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 29 Apr 2017 19:51:07 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 29 Apr 2017 19:51:07 GMT) (full text, mbox, link).
Message #24 received at 861220-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.6.3-3.2
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861220@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Apr 2017 20:57:40 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source
Version: 2.6.3-3.2
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 861220 861308
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
freetype (2.6.3-3.2) unstable; urgency=high
.
* Non-maintainer upload.
* Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
* t1_builder_close_contour: Add safety guard (CVE-2017-8287)
(Closes: #861308)
Package-Type: udeb
Checksums-Sha1:
c8672f631d38b6684af53448469240937cd3c6cf 2292 freetype_2.6.3-3.2.dsc
96981e12e9c1a00a6d0e8d31bdd7a26e48115e46 40027 freetype_2.6.3-3.2.diff.gz
Checksums-Sha256:
631d4fa321885bb0b950abc4061eb1a720fd249a14b940e4aa10dd78ce2a19b2 2292 freetype_2.6.3-3.2.dsc
ca45f666d5bf5bcdadbff72f0c8d7335c36e2174e9fd07ef658a9def6eac6aff 40027 freetype_2.6.3-3.2.diff.gz
Files:
5b21bc1915de5c9d4239217ff6af1b27 2292 libs optional freetype_2.6.3-3.2.dsc
09486b0596d13e5dc0a296601a5bdef1 40027 libs optional freetype_2.6.3-3.2.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkCRWRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EahQP/3otwdThLFp3kLGgi7O81lZ7lKRUCugK
pv6mukeKWrZt4H0AAUKYoW6YMQI3oLNVDqIop2Kmd0D49NlPABKI2OwkRsxwM9Tp
hS56v3j+vg1biqmZbyXMPLpTOtu8zco9wu2ez3ICMY7qlWwSEUQlfHktia/gXYpz
Kul5TwfagTlJ37lFdpF6MgJh0KT8IECC3FrVqavL6SGjSmhAZUDK1Ho3tax3zJ2+
aBk31RKYoTzPSIfAQYMOyZufrTczetHUx17+yCYypF2RMyXIeomDFQu2Z6oPIQqW
M2S6CLWN3iUAyj8T2QCxvfdiptAcblSkCSsyewckmjdz3bc3L4pyD5Thi1wYpPWJ
3trYFhugz+4gs0iDi+/M/jjaxn9SuPL4fYRFM+bu+T8qFXBLLWdjUvck7sE/iNw1
Kicn9ZHapgvJjBVI4a31yjYyMNLVVh44XOjJesN1Qoiqs+b3ngSL4laOaEpmkVtQ
APXy8yyoH0IUgCAnuDywBQZX0jS9k3o/q29gLi/ZjDvkQFxBoTIMd/0zyZ0QcyU8
ouw1K3xzCyzxH6uElv3yEW/IPk6gJwIDHNuqhLFBOl7QApaZ8FIqspohDqhjKu4F
HrhOJ9WGWFGvsQq24DGORVqoadYpbwzp0ks8Yc1NtbPSJRbtnb/r+RlSfu39SzF3
8qa3XZ2IDzwL
=9hJI
-----END PGP SIGNATURE-----
Marked as found in versions freetype/2.7.1-0.1 and reopened.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sun, 30 Apr 2017 08:57:03 GMT) (full text, mbox, link).
Reply sent
to Laurent Bigonville <bigon@debian.org>:
You have taken responsibility.
(Sun, 28 May 2017 10:36:08 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sun, 28 May 2017 10:36:08 GMT) (full text, mbox, link).
Message #31 received at 861220-close@bugs.debian.org (full text, mbox, reply):
Source: freetype
Source-Version: 2.8-0.1
We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 861220@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laurent Bigonville <bigon@debian.org> (supplier of updated freetype package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 26 May 2017 17:39:07 +0200
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.8-0.1
Distribution: experimental
Urgency: medium
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Laurent Bigonville <bigon@debian.org>
Description:
freetype2-demos - FreeType 2 demonstration programs
libfreetype6 - FreeType 2 font engine, shared library files
libfreetype6-dev - FreeType 2 font engine, development files
libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 860307 860313 861220 861308
Changes:
freetype (2.8-0.1) experimental; urgency=medium
.
* Non-maintainer upload.
* New upstream release
- Better protect `flex' handling (CVE-2017-8105) (Closes: #861220)
- t1_builder_close_contour: Add safety guard (CVE-2017-8287)
(Closes: #861308)
- tt_size_reset: Do nothing for CFF2 (CVE-2017-7864) (Closes: #860313)
- Improve handling for buggy variation fonts (CVE-2017-7857 CVE-2017-7858)
(Closes: #860307)
Checksums-Sha1:
c309662ce0a8422647a44fd724f720a8f6691c27 1802 freetype_2.8-0.1.dsc
cd947c7d6593880e36b1e0e5746dfab7c633314d 4225710 freetype_2.8.orig.tar.gz
2b0add0b2cac4bb6d63ef3a2fbc241e3429644af 39950 freetype_2.8-0.1.diff.gz
0d16bce9a19281c10df0bdb714b5d26a3c39151e 707670 freetype2-demos-dbgsym_2.8-0.1_amd64.deb
69b109d7b18c3403ff68313f4e6bbe1aa2ee28db 118930 freetype2-demos_2.8-0.1_amd64.deb
221a986c3f6ca293dceeb4bd759ee844167a92ec 7204 freetype_2.8-0.1_amd64.buildinfo
5f47cce915ba22281ede922cd63ce37fa1d634b1 979370 libfreetype6-dbgsym_2.8-0.1_amd64.deb
2bafb3b509fd75e217b7afc24cd0b4911d33a0bc 2652038 libfreetype6-dev_2.8-0.1_amd64.deb
c320642a60d871f15def795064ad70eb0e43031c 319948 libfreetype6-udeb_2.8-0.1_amd64.udeb
6dda061a5000c4cacf15f7aad19679696280155a 457458 libfreetype6_2.8-0.1_amd64.deb
Checksums-Sha256:
f3d63967bf4ca1e70e6bef84b45220c175ff9db7905eec40cee8f82b5d4a898b 1802 freetype_2.8-0.1.dsc
7ba438204ec4532cfa770faff63a90f0555369bb594c15014cc0fb5f0d52e3b4 4225710 freetype_2.8.orig.tar.gz
1e7d22aff95549ab9adc8110316fb687cbbc7206b3ca93bb6e46bd9f7a1258a5 39950 freetype_2.8-0.1.diff.gz
3cce74a07493cea2800161294c9e91bc35eb5096d72853221af88ee4e5943b5c 707670 freetype2-demos-dbgsym_2.8-0.1_amd64.deb
57291562ae4a97a1988ebdccd1dd7a5f4629825e311682c4e3c690abce6ee422 118930 freetype2-demos_2.8-0.1_amd64.deb
468ffb445b0fd362032e9535c4a6e5e1acbba5938b68aa4d3a46cf2225c848bf 7204 freetype_2.8-0.1_amd64.buildinfo
58b13cb5c684757bdb95b9d843203d2a5877c88500b058662efd63c9a8394efc 979370 libfreetype6-dbgsym_2.8-0.1_amd64.deb
bedd13230b147b0e92a980f4675d220f1a88ebbc504d73832930b38a5830c83b 2652038 libfreetype6-dev_2.8-0.1_amd64.deb
d12c3318e562bb020d3ee2f57c5c79b836185a93cecd59715de15df6c950114f 319948 libfreetype6-udeb_2.8-0.1_amd64.udeb
75d3d9d546053e70b04ff666764d4aa078600147ec24bbe40f29da52ecc87926 457458 libfreetype6_2.8-0.1_amd64.deb
Files:
641dd1ebc1a4475ba1dd29590ad8e338 1802 libs optional freetype_2.8-0.1.dsc
57f60f3460978f41aeea5f9159eb1dc5 4225710 libs optional freetype_2.8.orig.tar.gz
432fa93bef74bcbaab3a7ef741ff4e15 39950 libs optional freetype_2.8-0.1.diff.gz
d10147103f671ea3ab1101b718c6a7dd 707670 debug extra freetype2-demos-dbgsym_2.8-0.1_amd64.deb
1a3363c2a0ea823f3b701097416aa0e0 118930 utils optional freetype2-demos_2.8-0.1_amd64.deb
73516dbcc12103b9b63e649e6b173b49 7204 libs optional freetype_2.8-0.1_amd64.buildinfo
14922518599ba1ff390bca4ca8c6985f 979370 debug extra libfreetype6-dbgsym_2.8-0.1_amd64.deb
83ad2e7c4f512c3815979f990a1f7af5 2652038 libdevel optional libfreetype6-dev_2.8-0.1_amd64.deb
07e5531e530ffd432b10a6b3b98cde2e 319948 debian-installer extra libfreetype6-udeb_2.8-0.1_amd64.udeb
3b2f0be04f8389930b732af7e4d0e091 457458 libs optional libfreetype6_2.8-0.1_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
iQFFBAEBCAAvFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAlkoTvIRHGJpZ29uQGRl
Ymlhbi5vcmcACgkQH8WJHrqwQ9UXPggAnD5JCD3CBcb9kEKygOvHRlLTUwr8AVO6
thMAJY2bXJvkBxRIgZtr6zYFEb4Zre/SR/2lhW0WnL7gwk2l/7oxbTcvklODhJB2
0mxRtsZExL/gRu9reN+/fnHe9wkQp6isLVrq9mVNsQBWiOFwijimtJ+L8rdiosrs
oXWVbDH2qoH9bMekUKK2bXUnaV1Ftv9o7IEcRvroauh4uZVAdlOuboUSo4Z2sCD7
gsLASggcWB7FHwQ8IsbKereKjrvHXULCaB/gpe3mbC9kELJd4eanxlrvNYNBr1xV
efxXSke6ZaXg4+gxHTu2kSnzY84SUwRMuoDIoBsBbx4Kn56R88q4tA==
=driz
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 26 Jun 2017 07:25:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:30:10 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon