freetype: CVE-2010-3855 and CVE-2010-3814

Debian Bug report logs - #602221
freetype: CVE-2010-3855 and CVE-2010-3814

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Tue, 2 Nov 2010 17:06:02 UTC

Severity: grave

Tags: security

Fixed in version freetype/2.4.2-2.1

Done: Moritz Muehlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#602221; Package freetype. (Tue, 02 Nov 2010 17:06:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Steve Langasek <vorlon@debian.org>. (Tue, 02 Nov 2010 17:06:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: freetype: CVE-2010-3855 and CVE-2010-3814
Date: Tue, 02 Nov 2010 18:04:18 +0100
Package: freetype
Severity: grave
Tags: security
Justification: user security hole

Two security issues have been fixed in freetype; at least the first
should allow code injection:

CVE-2010-3855:
https://savannah.nongnu.org/bugs/?31310
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a

CVE-2010-3814:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs16-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Reply sent to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility. (Thu, 18 Nov 2010 20:51:04 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Thu, 18 Nov 2010 20:51:04 GMT)


Message #10 received at 602221-close@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: 602221-close@bugs.debian.org
Subject: Bug#602221: fixed in freetype 2.4.2-2.1
Date: Thu, 18 Nov 2010 20:48:10 +0000
Source: freetype
Source-Version: 2.4.2-2.1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.2-2.1_i386.deb
  to main/f/freetype/freetype2-demos_2.4.2-2.1_i386.deb
freetype_2.4.2-2.1.diff.gz
  to main/f/freetype/freetype_2.4.2-2.1.diff.gz
freetype_2.4.2-2.1.dsc
  to main/f/freetype/freetype_2.4.2-2.1.dsc
libfreetype6-dev_2.4.2-2.1_i386.deb
  to main/f/freetype/libfreetype6-dev_2.4.2-2.1_i386.deb
libfreetype6-udeb_2.4.2-2.1_i386.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.2-2.1_i386.udeb
libfreetype6_2.4.2-2.1_i386.deb
  to main/f/freetype/libfreetype6_2.4.2-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 602221@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 18 Nov 2010 21:16:12 +0100
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source i386
Version: 2.4.2-2.1
Distribution: unstable
Urgency: medium
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 602221
Changes: 
 freetype (2.4.2-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2010-3855 and CVE-2010-3814 (Closes: #602221)
Checksums-Sha1: 
 5e5f444c312d4bb6f768b2243565deceffcd5ee0 1199 freetype_2.4.2-2.1.dsc
 568e6703b3beba2165f0b56e5d7c95148c3a1f24 36566 freetype_2.4.2-2.1.diff.gz
 028c4f43e4fe7884f4cd4fc8c4f6a6bf75bddeb6 359076 libfreetype6_2.4.2-2.1_i386.deb
 bcd9b326e91ea7b5a7e5c86a3d33b01020dafd97 710324 libfreetype6-dev_2.4.2-2.1_i386.deb
 14f7256384278dd2f321bfaee060c86ba5a083c9 189598 freetype2-demos_2.4.2-2.1_i386.deb
 0cf89f73eec7b8bc239e3c49bbd8f9f03e853add 265426 libfreetype6-udeb_2.4.2-2.1_i386.udeb
Checksums-Sha256: 
 41d3ed18e31cd974f9f4ef603eba5e84e7d187b1fa8b506611990683fd43e897 1199 freetype_2.4.2-2.1.dsc
 2a359e448ff0f7ac7c50ee81ffbd804b1900ee3e6450de77f4d7f605997af3b1 36566 freetype_2.4.2-2.1.diff.gz
 a0bdc67bd6445efa60ddb5889202e36be16f296275260650823a0884819f6583 359076 libfreetype6_2.4.2-2.1_i386.deb
 2419911213d788cddbafb021d52454f3cbeac7651048a7fd3bec93d305d987cc 710324 libfreetype6-dev_2.4.2-2.1_i386.deb
 80cf3fa0190caa13ce61ab961275805ea4f3161f14b43d6f89d47a64dbf105dd 189598 freetype2-demos_2.4.2-2.1_i386.deb
 26e5486865cd6633dd205194a98cbc504326099304916a4c798916c1a563a8e4 265426 libfreetype6-udeb_2.4.2-2.1_i386.udeb
Files: 
 dff01e746c18bcbcf0a476872e5ae64b 1199 libs optional freetype_2.4.2-2.1.dsc
 68a5fe548b573eb994d212b0928f249b 36566 libs optional freetype_2.4.2-2.1.diff.gz
 66573cc6e4be9546e8a8c7f8fc662989 359076 libs optional libfreetype6_2.4.2-2.1_i386.deb
 fda31ec1ff9f5cca84f7939878d19d12 710324 libdevel optional libfreetype6-dev_2.4.2-2.1_i386.deb
 8b1dea92a774660fc154f63998490579 189598 utils optional freetype2-demos_2.4.2-2.1_i386.deb
 920fc009a335125920a77a99b3e0dc5c 265426 debian-installer extra libfreetype6-udeb_2.4.2-2.1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzliqgACgkQXm3vHE4uylpZKQCfeOZ2nzkeVfT5nmso4//asrKl
GKYAoMuTZRa01FNFVu4sUzSCaweel/DE
=2dZq
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 22 Dec 2010 07:31:23 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:10:29 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.