freetype: multiple security issues

Related Vulnerabilities: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

Debian Bug report logs - #485841


Reported by: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>

Date: Wed, 11 Jun 2008 20:03:03 UTC

Severity: grave

Tags: security

Found in version 2.3.5-1

Fixed in version freetype/2.3.6-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#485841; Package freetype.


Acknowledgement sent to Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
To: submit@bugs.debian.org
Subject: freetype: multiple security issues
Date: Wed, 11 Jun 2008 21:58:26 +0200
Package: freetype
Version: 2.3.5-1
Severity: important
Tags: security

Hi,

there are some security issues for FreeType2 2.3.5 as you can
see on the following websites:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717

It seems that they are solved in the new version 2.3.6 of
FreeType2.

Kind regards,
Thomas.


Severity set to `grave' from `important'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Fri, 13 Jun 2008 13:24:42 GMT)


Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility.


Notification sent to Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>:
Bug acknowledged by developer.


Message #12 received at 485841-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 485841-close@bugs.debian.org
Subject: Bug#485841: fixed in freetype 2.3.6-1
Date: Mon, 16 Jun 2008 09:02:02 +0000
Source: freetype
Source-Version: 2.3.6-1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.3.6-1_amd64.deb
  to pool/main/f/freetype/freetype2-demos_2.3.6-1_amd64.deb
freetype_2.3.6-1.diff.gz
  to pool/main/f/freetype/freetype_2.3.6-1.diff.gz
freetype_2.3.6-1.dsc
  to pool/main/f/freetype/freetype_2.3.6-1.dsc
freetype_2.3.6.orig.tar.gz
  to pool/main/f/freetype/freetype_2.3.6.orig.tar.gz
libfreetype6-dev_2.3.6-1_amd64.deb
  to pool/main/f/freetype/libfreetype6-dev_2.3.6-1_amd64.deb
libfreetype6-udeb_2.3.6-1_amd64.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.3.6-1_amd64.udeb
libfreetype6_2.3.6-1_amd64.deb
  to pool/main/f/freetype/libfreetype6_2.3.6-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 485841@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 15 Jun 2008 23:52:53 -0700
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.3.6-1
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 485841
Changes: 
 freetype (2.3.6-1) unstable; urgency=low
 .
   * New upstream release
     - Fixes multiple vulnerabilities in the PFB font parser (CVE-2008-1806,
       CVE-2008-1807, CVE-2008-1808).  Closes: #485841.
   * Fix some very bizarre quoting of $CFLAGS in debian/rules
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIVhrAKN6ufymYLloRAi8kAJ95aA6b8mYcZhq2wbfyZMZ93PzxWwCgnErj
b79smPZZpRzNKv3QC3DQfKs=
=WBLV
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 15 Jul 2008 07:30:51 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:02:55 2019; Machine Name: buxtehude
