CVE-2007-1351 bdf font overflows

Debian Bug report logs - #426771
CVE-2007-1351 bdf font overflows

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kees Cook <kees@outflux.net>

To: Debian Bugs <submit@bugs.debian.org>

Subject: CVE-2007-1351 bdf font overflows

Date: Wed, 30 May 2007 13:10:44 -0700

[Message part 1 (text/plain, inline)]

Package: freetype
Version: 2.2.1-6
Severity: important
Tags: patch, security

As I understand it, freetype was impacted by CVE-2007-1351 as well as
libxfont (which was updated).  Attached in the patch for fixing bdf
overflows in freetype.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://packages.debian.org/changelogs/pool/main/libx/libxfont/current/changelog

-- 
Kees Cook                                            @outflux.net

[CVE-2007-1351_bdf_integer.patch (text/x-diff, attachment)]

Message #12 received at 426771-done@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>

To: Kees Cook <kees@outflux.net>, 426771-done@bugs.debian.org

Subject: Re: Bug#426771: CVE-2007-1351 bdf font overflows

Date: Mon, 9 Jul 2007 18:10:07 -0700

Version: 2.3.5-1
found 426771 2.2.1-5
thanks

On Wed, May 30, 2007 at 01:10:44PM -0700, Kees Cook wrote:
> Package: freetype
> Version: 2.2.1-6
> Severity: important
> Tags: patch, security

> As I understand it, freetype was impacted by CVE-2007-1351 as well as
> libxfont (which was updated).  Attached in the patch for fixing bdf
> overflows in freetype.

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
> http://packages.debian.org/changelogs/pool/main/libx/libxfont/current/changelog

This bug is fixed in 2.3.5-1 which has just been uploaded to unstable, but
is present in 2.2.1-5 in stable.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Message #17 received at 426771@bugs.debian.org (full text, mbox, reply):

From: Steve Langasek <vorlon@debian.org>

To: 426771@bugs.debian.org, team@security.debian.org

Subject: Re: Bug#426771: CVE-2007-1351 bdf font overflows

Date: Mon, 9 Jul 2007 18:18:10 -0700

[Message part 1 (text/plain, inline)]

On Wed, May 30, 2007 at 01:10:44PM -0700, Kees Cook wrote:
> Package: freetype
> Version: 2.2.1-6
> Severity: important
> Tags: patch, security

> As I understand it, freetype was impacted by CVE-2007-1351 as well as
> libxfont (which was updated).  Attached in the patch for fixing bdf
> overflows in freetype.

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
> http://packages.debian.org/changelogs/pool/main/libx/libxfont/current/changelog

I've prepared a freetype 2.2.1-5+etch4 package which addresses this security
bug, and uploaded it to <http://people.debian.org/~vorlon/freetype/>. 
Security Team, please advise whether I should upload this to security.d.o. 
AIUI, uploading this package should not interfere with the pending oldstable
security update for the previous security hole.

The diff for the etch upload, taken from upstream, is attached to this mail.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

[freetype-426771.diff (text/x-diff, attachment)]

Send a report that this bug log contains spam.