CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype

Debian Bug report logs - #425625

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 22 May 2007 21:03:02 UTC

Severity: grave

Tags: security

Found in version freetype/2.2.1-5

Fixed in versions freetype/2.2.1-6, freetype/2.2.1-5+etch4, freetype/2.1.7-8

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Steve Langasek <vorlon@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Tue, 22 May 2007 23:01:51 +0200
Package: libfreetype6
Version: 2.2.1-5
Severity: grave
Tags: security patch
Justification: user security hole


A vulnerability has been found in freetype. CVE-2007-2754:
"Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier
might allow remote attackers to execute arbitrary code via a crafted TTF image
with a negative n_points value, which leads to an integer overflow and
heap-based buffer overflow."

A patch is at [1].

Please mention the CVE id in the changelog.

[1] http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178
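The signedness error in the CVE text quoted above (the missing bounds check in TT_Load_Simple_Glyph that the thread later identifies), as an added, constructed C model that is not FreeType's code: a loader derives n_points from a signed 16-bit endPtsOfContours entry, a crafted endpoint of 0x8000 or above goes negative, and a signed "is there room?" check lets it through; the checked variant rejects it before anything is sized or looped over. All function, constant and sample-glyph names are hypothetical.

```c
/* Constructed model of the CVE-2007-2754 bug class (not FreeType's code):
 * a simple-glyph loader derives n_points from the last endPtsOfContours
 * entry, read into a SIGNED 16-bit integer.  Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes of the checked loader; a non-negative return is n_points. */
enum {
    GLYPH_ERR_TRUNCATED = -1,   /* table shorter than its contour count says */
    GLYPH_ERR_NEGATIVE  = -2,   /* an endpoint read back as a negative value */
    GLYPH_ERR_ORDER     = -3,   /* endPtsOfContours not strictly increasing  */
    GLYPH_ERR_TOO_MANY  = -4    /* above an explicit upper bound             */
};

#define MAX_POINTS 4096   /* constructed cap; a real loader takes it from maxp */

/* Constructed glyph headers: int16 numberOfContours, then one 16-bit
 * endPtsOfContours entry per contour (big-endian, as in TrueType). */
static const uint8_t GOOD_GLYPH[]  = { 0x00, 0x02, 0x00, 0x03, 0x00, 0x07 };
static const uint8_t BAD_GLYPH[]   = { 0x00, 0x01, 0xFF, 0xF0 };  /* 0xFFF0 -> -16 */
static const uint8_t ORDER_GLYPH[] = { 0x00, 0x02, 0x00, 0x07, 0x00, 0x03 };
static const uint8_t TRUNC_GLYPH[] = { 0x00, 0x03, 0x00, 0x01 };

static int16_t read_i16(const uint8_t *p)
{
    return (int16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Naive derivation: n_points = last endpoint + 1, no sign check.  Any
 * endpoint >= 0x8000 therefore produces a negative n_points. */
int naive_point_count(const uint8_t *glyph, size_t len)
{
    int16_t n_contours;
    if (len < 2) return 0;
    n_contours = read_i16(glyph);
    if (n_contours <= 0 || len < 2 + (size_t)n_contours * 2) return 0;
    return read_i16(glyph + 2 + ((size_t)n_contours - 1) * 2) + 1;
}

/* A "is there room for n_points more?" check written over signed ints:
 * a negative n_points passes it unconditionally, so the per-point parsing
 * loop that follows runs against a buffer that was never grown. */
int naive_room_check(int capacity, int used, int n_points)
{
    return used + n_points <= capacity;
}

/* Checked derivation: validates every endpoint before anything is sized or
 * looped over.  Returns n_points (>= 0) or a GLYPH_ERR_* code. */
int checked_point_count(const uint8_t *glyph, size_t len)
{
    int16_t n_contours, prev = -1;
    int i;
    if (len < 2) return GLYPH_ERR_TRUNCATED;
    n_contours = read_i16(glyph);
    if (n_contours < 0) return 0;              /* composite glyph: no simple points */
    if (len < 2 + (size_t)n_contours * 2) return GLYPH_ERR_TRUNCATED;
    for (i = 0; i < n_contours; i++) {
        int16_t end = read_i16(glyph + 2 + (size_t)i * 2);
        if (end < 0)     return GLYPH_ERR_NEGATIVE;   /* the CVE-2007-2754 case */
        if (end <= prev) return GLYPH_ERR_ORDER;
        prev = end;
    }
    if (prev + 1 > MAX_POINTS) return GLYPH_ERR_TOO_MANY;
    return prev + 1;
}

int main(void)
{
    int naive = naive_point_count(BAD_GLYPH, sizeof BAD_GLYPH);
    printf("naive n_points=%d room_check=%d checked=%d\n",
           naive, naive_room_check(64, 64, naive),
           checked_point_count(BAD_GLYPH, sizeof BAD_GLYPH));
    return 0;
}
```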



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #10 received at 425625-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 425625-close@bugs.debian.org
Subject: Bug#425625: fixed in freetype 2.2.1-6
Date: Wed, 23 May 2007 10:47:03 +0000
Source: freetype
Source-Version: 2.2.1-6

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.2.1-6_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.2.1-6_i386.deb
freetype_2.2.1-6.diff.gz
  to pool/main/f/freetype/freetype_2.2.1-6.diff.gz
freetype_2.2.1-6.dsc
  to pool/main/f/freetype/freetype_2.2.1-6.dsc
libfreetype6-dev_2.2.1-6_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.2.1-6_i386.deb
libfreetype6-udeb_2.2.1-6_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.2.1-6_i386.udeb
libfreetype6_2.2.1-6_i386.deb
  to pool/main/f/freetype/libfreetype6_2.2.1-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 425625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 May 2007 03:26:25 -0700
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source i386
Version: 2.2.1-6
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 425625
Changes: 
 freetype (2.2.1-6) unstable; urgency=high
 .
   * High-urgency upload for security fix.
   * Remove spurious patch file from the package diff, sigh.
   * Add debian/patches-freetype/CVE-2007-2754_ttgfload to address
     CVE-2007-2754, a bug allowing execution of arbitrary code via a crafted
     TTF image by way of an integer overflow.  Closes: #425625.
Files: 
Package-Type: udeb




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #15 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 425625@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Wed, 23 May 2007 03:40:57 -0700
# no patch is included in this bug report
tags 425625 -patch
thanks

Hi Stefan,

On Tue, May 22, 2007 at 11:01:51PM +0200, Stefan Fritsch wrote:
> Package: libfreetype6
> Version: 2.2.1-5
> Severity: grave
> Tags: security patch
> Justification: user security hole

> A vulnerability has been found in freetype. CVE-2007-2754:
> "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier
> might allow remote attackers to execute arbitrary code via a crafted TTF image
> with a negative n_points value, which leads to an integer overflow and
> heap-based buffer overflow."

Ok, I've prepared a stopgap 2.2.1-6 upload for unstable to fix this bug
since I don't have the latest upstream version ready yet.

Security team, I'm not sure if this warrants a DSA; I definitely don't see
much risk of a remote exploit the way the CVE claims, I don't know of any
applications that will load untrusted truetype fonts provided remotely
across the network.  If you do think a DSA is warranted here, let me know
and I'll be happy to prepare an upload.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Tags removed: patch Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Fri, 25 May 2007 02:30:12 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #22 received at 425625@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Steve Langasek <vorlon@debian.org>
Cc: Stefan Fritsch <sf@sfritsch.de>, 425625@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Sun, 27 May 2007 12:47:58 +0200
Hi Steve,

Steve Langasek wrote:
> Security team, I'm not sure if this warrants a DSA; I definitely don't see
> much risk of a remote exploit the way the CVE claims, I don't know of any
> applications that will load untrusted truetype fonts provided remotely
> across the network.  If you do think a DSA is warranted here, let me know
> and I'll be happy to prepare an upload.

I guess we should fix this, it's indirectly remotely exploitable at least
by providing someone a malformed TTF font file. As libfreetype is an important
infrastructure library there might also be unforeseen indirect attack
vectors, like embedding TTFs in other document types, etc.

Steve Kemp wanted to work on a DSA, so you should probably check back
with him before preparing an upload.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #27 received at 425625@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Steve Langasek <vorlon@debian.org>, Stefan Fritsch <sf@sfritsch.de>, 425625@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Tue, 29 May 2007 12:15:41 +0100
On Sun May 27, 2007 at 12:47:58 +0200, Moritz Muehlenhoff wrote:

> I guess we should fix this, it's indirectly remotely exploitable at least
> by providing someone a malformed TTF font file. As libfreetype is an important
> infrastructure library there might also be unforeseen indirect attack
> vectors, like embedding TTFs in other document types, etc.

  Agreed.

> Steve Kemp wanted to work on a DSA, so you should probably check back
> with him before preparing an upload.

  I was planning on handling this yes, so if there were a fixed package
 available for Etch then I'd appreciate seeing it.

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #32 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Steve Kemp <skx@debian.org>, 425625@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Wed, 30 May 2007 06:19:29 -0700
On Tue, May 29, 2007 at 12:15:41PM +0100, Steve Kemp wrote:
> On Sun May 27, 2007 at 12:47:58 +0200, Moritz Muehlenhoff wrote:

> > I guess we should fix this, it's indirectly remotely exploitable at least
> > by providing someone a malformed TTF font file. As libfreetype is an important
> > infrastructure library there might also be unforeseen indirect attack
> > vectors, like embedding TTFs in other document types, etc.

>   Agreed.

> > Steve Kemp wanted to work on a DSA, so you should probably check back
> > with him before preparing an upload.

>   I was planning on handling this yes, so if there were a fixed package
>  available for Etch then I'd appreciate seeing it.

Signed package for etch is on its way up to
<http://people.debian.org/~vorlon/freetype/> right now (built with -sa, so
should indeed be ready for upload straight to security-master).  Changelog
is:

freetype (2.2.1-5+etch4) stable-security; urgency=high

  * debian/patches-freetype/CVE-2007-2754_ttgfload: address CVE-2007-2754,
    a bug allowing execution of arbitrary code via a crafted TTF image by
    way of an integer overflow.  Closes: #425625.

 -- Steve Langasek <vorlon@debian.org>  Wed, 23 May 2007 03:26:25 -0700

(hmm, date's wrong, that's what I get for just editing the existing -6
changelog entry and renumbering it. :)

Let me know if there's anything else you need from me for etch.  I haven't
yet looked into whether this bug affects the sarge version of the package,
I'll do that next (unless somebody here already knows the answer).

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #37 received at 425625@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: 425625@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Wed, 30 May 2007 22:59:15 +0100
On Wed May 30, 2007 at 06:19:29 -0700, Steve Langasek wrote:

> Signed package for etch is on its way up to
> <http://people.debian.org/~vorlon/freetype/> right now (built with -sa, so
> should indeed be ready for upload straight to security-master).

  Thanks a lot, Steve.

> Let me know if there's anything else you need from me for etch.  

  Looks good, thanks.  I'll upload tomorrow with an aim of getting
 it released on Friday.

> I haven't
> yet looked into whether this bug affects the sarge version of the package,
> I'll do that next (unless somebody here already knows the answer).

  I was under the impression that it wasn't vulnerable, but I admit
 I've not yet checked.  If we've not heard back by the time I make 
 the upload I'll take a look myself.

Steve
-- 
http://www.steve.org.uk/



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #42 received at 425625-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 425625-close@bugs.debian.org
Subject: Bug#425625: fixed in freetype 2.2.1-5+etch4
Date: Sun, 10 Jun 2007 19:52:19 +0000
Source: freetype
Source-Version: 2.2.1-5+etch4

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.2.1-5+etch4_i386.deb
freetype_2.2.1-5+etch4.diff.gz
  to pool/main/f/freetype/freetype_2.2.1-5+etch4.diff.gz
freetype_2.2.1-5+etch4.dsc
  to pool/main/f/freetype/freetype_2.2.1-5+etch4.dsc
libfreetype6-dev_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_i386.deb
libfreetype6-udeb_2.2.1-5+etch4_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_i386.udeb
libfreetype6_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/libfreetype6_2.2.1-5+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 425625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 May 2007 03:26:25 -0700
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source i386
Version: 2.2.1-5+etch4
Distribution: stable-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 425625
Changes: 
 freetype (2.2.1-5+etch4) stable-security; urgency=high
 .
   * debian/patches-freetype/CVE-2007-2754_ttgfload: address CVE-2007-2754,
     a bug allowing execution of arbitrary code via a crafted TTF image by
     way of an integer overflow.  Closes: #425625.
Files: 
Package-Type: udeb




Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #47 received at 425625@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Steve Kemp <skx@debian.org>
Cc: Steve Langasek <vorlon@debian.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Sat, 7 Jul 2007 19:23:38 +0200
On May 30, 2007 at 10:59:15PM +0100, Steve Kemp wrote:
> > I haven't
> > yet looked into whether this bug affects the sarge version of the package,
> > I'll do that next (unless somebody here already knows the answer).
> 
>   I was under the impression that it wasn't vulnerable, but I admit
>  I've not yet checked.  If we've not heard back by the time I make 
>  the upload I'll take a look myself.

What has been the result? DSA 1302 doesn't mention Sarge.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #52 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org
Cc: Steve Kemp <skx@debian.org>, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Mon, 9 Jul 2007 01:37:59 -0700
On Sat, Jul 07, 2007 at 07:23:38PM +0200, Moritz Muehlenhoff wrote:
> On May 30, 2007 at 10:59:15PM +0100, Steve Kemp wrote:
> > > I haven't
> > > yet looked into whether this bug affects the sarge version of the package,
> > > I'll do that next (unless somebody here already knows the answer).

> >   I was under the impression that it wasn't vulnerable, but I admit
> >  I've not yet checked.  If we've not heard back by the time I make 
> >  the upload I'll take a look myself.

> What has been the result? DSA 1302 doesn't mention Sarge.

I've just checked, and the implementation of TT_Load_Simple_Glyph() in
freetype 2.1.7 has the same lack of bounds checking that 2.2 does.  I would
say a security update is warranted after all. :/

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #57 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org
Cc: Steve Kemp <skx@debian.org>, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Mon, 9 Jul 2007 12:43:57 -0700
On Sat, Jul 07, 2007 at 07:23:38PM +0200, Moritz Muehlenhoff wrote:
> On May 30, 2007 at 10:59:15PM +0100, Steve Kemp wrote:
> > > I haven't
> > > yet looked into whether this bug affects the sarge version of the package,
> > > I'll do that next (unless somebody here already knows the answer).

> >   I was under the impression that it wasn't vulnerable, but I admit
> >  I've not yet checked.  If we've not heard back by the time I make 
> >  the upload I'll take a look myself.

> What has been the result? DSA 1302 doesn't mention Sarge.

I've uploaded a freetype 2.1.7-7 package to
<http://people.debian.org/~vorlon/freetype/>, signed and built for sarge. 
Let me know if you would like me to upload this to security.d.o (I promise
I'll even use the embargoed queue this time, so you don't have to go hunting
for the upload ;).

Unfortunately, going back through my mail I see that there's another open
security report against freetype, bug #426771.  I have not investigated this
at all to confirm which versions of freetype are affected.  Please advise if
you would like me to look into this for possible inclusion in 2.1.7-7.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #62 received at 425625@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Mon, 9 Jul 2007 21:38:53 +0100
On Mon Jul 09, 2007 at 12:43:57 -0700, Steve Langasek wrote:

> I've uploaded a freetype 2.1.7-7 package to
> <http://people.debian.org/~vorlon/freetype/>, signed and built for sarge. 

  Thanks.

> Let me know if you would like me to upload this to security.d.o (I promise
> I'll even use the embargoed queue this time, so you don't have to go hunting
> for the upload ;).

  That'd be grand, thanks.

> Unfortunately, going back through my mail I see that there's another open
> security report against freetype, bug #426771.  I have not investigated this
> at all to confirm which versions of freetype are affected.  Please advise if
> you would like me to look into this for possible inclusion in 2.1.7-7.

  :(

  I think that for the moment it would be best to push this out so that
 we're all on a level playing field.  (Which reminds me some of the
 slower buildds have started catching up too..)

Steve
-- 



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #67 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Steve Kemp <skx@debian.org>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Mon, 9 Jul 2007 14:21:15 -0700
On Mon, Jul 09, 2007 at 09:38:53PM +0100, Steve Kemp wrote:
> On Mon Jul 09, 2007 at 12:43:57 -0700, Steve Langasek wrote:

> > I've uploaded a freetype 2.1.7-7 package to
> > <http://people.debian.org/~vorlon/freetype/>, signed and built for sarge. 

>   Thanks.

> > Let me know if you would like me to upload this to security.d.o (I promise
> > I'll even use the embargoed queue this time, so you don't have to go hunting
> > for the upload ;).

>   That'd be grand, thanks.

> > Unfortunately, going back through my mail I see that there's another open
> > security report against freetype, bug #426771.  I have not investigated this
> > at all to confirm which versions of freetype are affected.  Please advise if
> > you would like me to look into this for possible inclusion in 2.1.7-7.

>   :(

>   I think that for the moment it would be best to push this out so that
>  we're all on a level playing field.  (Which reminds me some of the
>  slower buildds have started catching up too..)

Ok, uploading.

I'll let y'all know when I have something for bug #426771.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #72 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Steve Kemp <skx@debian.org>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Mon, 9 Jul 2007 17:43:47 -0700
On Mon, Jul 09, 2007 at 02:21:15PM -0700, Steve Langasek wrote:
> On Mon, Jul 09, 2007 at 09:38:53PM +0100, Steve Kemp wrote:
> > On Mon Jul 09, 2007 at 12:43:57 -0700, Steve Langasek wrote:

> > > I've uploaded a freetype 2.1.7-7 package to
> > > <http://people.debian.org/~vorlon/freetype/>, signed and built for sarge. 

> >   Thanks.

> > > Let me know if you would like me to upload this to security.d.o (I promise
> > > I'll even use the embargoed queue this time, so you don't have to go hunting
> > > for the upload ;).

> >   That'd be grand, thanks.

> > > Unfortunately, going back through my mail I see that there's another open
> > > security report against freetype, bug #426771.  I have not investigated this
> > > at all to confirm which versions of freetype are affected.  Please advise if
> > > you would like me to look into this for possible inclusion in 2.1.7-7.

> >   :(

> >   I think that for the moment it would be best to push this out so that
> >  we're all on a level playing field.  (Which reminds me some of the
> >  slower buildds have started catching up too..)

> Ok, uploading.

<sigh> -- please kick this one out, I just noticed I built it with
stable-security as the target.

Let me know if you would like me to re-roll -7 or prepare a -8 instead.

Also, I've looked into 426771 now and have confirmed it applies to 2.2.1; I
assume it also applies to 2.1.7.  So I can include that in -8 if that's
easier.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #77 received at 425625@bugs.debian.org:

From: Steve Kemp <skx@debian.org>
To: Steve Langasek <vorlon@debian.org>
Cc: Steve Kemp <skx@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Tue, 10 Jul 2007 11:11:05 +0100
On Mon Jul 09, 2007 at 17:43:47 -0700, Steve Langasek wrote:

> > Ok, uploading.
> 
> <sigh> -- please kick this one out, I just noticed I built it with
> stable-security as the target.

  I'd be happy to do that if you, or somebody else, could tell me
 how to do so..

> Let me know if you would like me to re-roll -7 or prepare a -8 instead.

  I think we need a -8 if the -7 has been seen, right?

Steve
-- 



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#425625; Package libfreetype6.


Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.


Message #82 received at 425625@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: Steve Kemp <skx@debian.org>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 425625@bugs.debian.org, Stefan Fritsch <sf@sfritsch.de>, team@security.debian.org
Subject: Re: Bug#425625: CVE-2007-2754: integer overflow and heap-based buffer overflow vulnerability in freetype
Date: Tue, 10 Jul 2007 12:03:47 -0700
On Tue, Jul 10, 2007 at 11:11:05AM +0100, Steve Kemp wrote:
> On Mon Jul 09, 2007 at 17:43:47 -0700, Steve Langasek wrote:

> > > Ok, uploading.

> > <sigh> -- please kick this one out, I just noticed I built it with
> > stable-security as the target.

>   I'd be happy to do that if you, or somebody else, could tell me
>  how to do so..

Hmm. :/  I don't know enough about the structure of the security.d.o dak
setup to say.  'dak process-accepted' or 'dak process-unchecked', maybe?

> > Let me know if you would like me to re-roll -7 or prepare a -8 instead.

>   I think we need a -8 if the -7 has been seen, right?

Depends on the extent to which it's been seen; but anyway, if there's doubt
I may as well go ahead with a -8 so that we're not stalled while -7 is being
cleaned out of the wrong queue.

I'm uploading -8 to oldstable-security now.  Hopefully I got everything
right this time.  (Clearly I need to have security holes in my packages more
frequently so that I become more adept at this!)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #87 received at 425625-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 425625-close@bugs.debian.org
Subject: Bug#425625: fixed in freetype 2.2.1-5+etch4
Date: Wed, 15 Aug 2007 22:32:16 +0000
Source: freetype
Source-Version: 2.2.1-5+etch4

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.2.1-5+etch4_i386.deb
freetype_2.2.1-5+etch4.diff.gz
  to pool/main/f/freetype/freetype_2.2.1-5+etch4.diff.gz
freetype_2.2.1-5+etch4.dsc
  to pool/main/f/freetype/freetype_2.2.1-5+etch4.dsc
libfreetype6-dev_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_i386.deb
libfreetype6-udeb_2.2.1-5+etch4_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_i386.udeb
libfreetype6_2.2.1-5+etch4_i386.deb
  to pool/main/f/freetype/libfreetype6_2.2.1-5+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 425625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Wed, 23 May 2007 03:26:25 -0700
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source i386
Version: 2.2.1-5+etch4
Distribution: stable-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 425625
Changes: 
 freetype (2.2.1-5+etch4) stable-security; urgency=high
 .
   * debian/patches-freetype/CVE-2007-2754_ttgfload: address CVE-2007-2754,
     a bug allowing execution of arbitrary code via a crafted TTF image by
     way of an integer overflow.  Closes: #425625.
Files: 
Package-Type: udeb




Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #92 received at 425625-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 425625-close@bugs.debian.org
Subject: Bug#425625: fixed in freetype 2.1.7-8
Date: Wed, 22 Aug 2007 07:56:30 +0000
Source: freetype
Source-Version: 2.1.7-8

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.1.7-8_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.1.7-8_i386.deb
freetype_2.1.7-8.diff.gz
  to pool/main/f/freetype/freetype_2.1.7-8.diff.gz
freetype_2.1.7-8.dsc
  to pool/main/f/freetype/freetype_2.1.7-8.dsc
libfreetype6-dev_2.1.7-8_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.1.7-8_i386.deb
libfreetype6-udeb_2.1.7-8_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.1.7-8_i386.udeb
libfreetype6_2.1.7-8_i386.deb
  to pool/main/f/freetype/libfreetype6_2.1.7-8_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 425625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 09 Jul 2007 01:39:14 -0700
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source i386
Version: 2.1.7-8
Distribution: oldstable-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 425625
Changes: 
 freetype (2.1.7-8) oldstable-security; urgency=high
 .
   * debian/patches-freetype/500-CVE-2007-2754_ttgfload.diff: address
     CVE-2007-2754, a bug allowing execution of arbitrary code via a crafted
     TTF image by way of an integer overflow.  Closes: #425625.
Files: 



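As an added illustration of the integer-overflow class named in the changelog entries of both close messages above (it is not FreeType's own code): a glyph point count derived as a signed 16-bit value from the glyph header can go negative, and the check shown rejects it before it reaches any size computation. The header layout follows the TrueType glyf table (numberOfContours, then endPtsOfContours[]); the sample bytes and all function names are constructed, and the exact upstream patch text is not on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not FreeType code. TrueType simple glyph header:
 * numberOfContours (int16, big-endian) then endPtsOfContours[] (uint16);
 * the point count is endPtsOfContours[last] + 1. */

/* Read a big-endian 16-bit value as signed, without relying on
 * implementation-defined narrowing. */
static int16_t read_s16(const uint8_t *p)
{
    uint16_t u = (uint16_t)((p[0] << 8) | p[1]);
    return (int16_t)(u >= 0x8000 ? (int)u - 0x10000 : (int)u);
}

/* Unchecked: the last end-point index is read as a signed 16-bit value,
 * so a crafted index >= 0x8000 produces a negative point count. */
int glyph_point_count_unchecked(const uint8_t *glyph, size_t len)
{
    int16_t n_contours;
    if (len < 2) return -1;
    n_contours = read_s16(glyph);
    if (n_contours <= 0) return 0;                 /* composite or empty */
    if (len < 2 + (size_t)n_contours * 2) return -1;
    return read_s16(glyph + 2 + (n_contours - 1) * 2) + 1;  /* may be < 0 */
}

/* Sizing a point buffer from a negative count converts it to a huge
 * size_t: this conversion is the integer overflow the changelog refers to. */
size_t point_buffer_bytes(int n_points)
{
    return (size_t)n_points * 2 * sizeof(int16_t);   /* x and y per point */
}

/* Hardened: reject a negative count before it is used as a size. This is
 * the kind of check a fix for this bug class adds (assumption: the upstream
 * patch itself is not reproduced on this page). */
int glyph_point_count_checked(const uint8_t *glyph, size_t len)
{
    int n = glyph_point_count_unchecked(glyph, len);
    return n < 0 ? -1 : n;                         /* -1: invalid outline */
}

/* Constructed samples: one contour; crafted endPtsOfContours[0] = 0x8000. */
static const uint8_t crafted_glyph[] = { 0x00, 0x01, 0x80, 0x00 };
static const uint8_t benign_glyph[]  = { 0x00, 0x01, 0x00, 0x03 };

int main(void)
{
    int bad = glyph_point_count_unchecked(crafted_glyph, sizeof crafted_glyph);
    printf("unchecked count %d -> %zu bytes\n", bad, point_buffer_bytes(bad));
    printf("checked count %d\n", glyph_point_count_checked(crafted_glyph, sizeof crafted_glyph));
    return 0;
}
```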


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 20 Sep 2007 07:26:28 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:25:47 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.