CVE-2011-3439

Related Vulnerabilities: CVE-2011-3439  

Debian Bug report logs - #649122
CVE-2011-3439

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 17 Nov 2011 21:06:27 UTC

Severity: grave

Tags: security

Fixed in version freetype/2.4.8-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#649122; Package freetype. (Thu, 17 Nov 2011 21:06:30 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Steve Langasek <vorlon@debian.org>. (Thu, 17 Nov 2011 21:06:32 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3439
Date: Thu, 17 Nov 2011 22:06:08 +0100
Package: freetype
Severity: grave
Tags: security

This has been assigned CVE-2011-3439:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=14a16e3430ce85538ba9116816cf463cf8827708

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Thu, 17 Nov 2011 23:06:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 17 Nov 2011 23:06:05 GMT).


Message #10 received at 649122-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 649122-close@bugs.debian.org
Subject: Bug#649122: fixed in freetype 2.4.8-1
Date: Thu, 17 Nov 2011 23:02:50 +0000
Source: freetype
Source-Version: 2.4.8-1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.8-1_amd64.deb
  to main/f/freetype/freetype2-demos_2.4.8-1_amd64.deb
freetype_2.4.8-1.diff.gz
  to main/f/freetype/freetype_2.4.8-1.diff.gz
freetype_2.4.8-1.dsc
  to main/f/freetype/freetype_2.4.8-1.dsc
freetype_2.4.8.orig.tar.gz
  to main/f/freetype/freetype_2.4.8.orig.tar.gz
libfreetype6-dev_2.4.8-1_amd64.deb
  to main/f/freetype/libfreetype6-dev_2.4.8-1_amd64.deb
libfreetype6-udeb_2.4.8-1_amd64.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.8-1_amd64.udeb
libfreetype6_2.4.8-1_amd64.deb
  to main/f/freetype/libfreetype6_2.4.8-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 649122@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 17 Nov 2011 22:28:14 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.4.8-1
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 649122
Changes: 
 freetype (2.4.8-1) unstable; urgency=high
 .
   * New upstream release
     - upstream fix for CVE-2011-3439.  Closes: #649122.
     - adjust libfreetype6.symbols for a newly-exported function.
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 16 Dec 2011 07:32:56 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:25:39 2019; Machine Name: beach
