-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 10 Aug 2008 09:53:09 +0000
Source: freetype
Binary: freetype2-demos libfreetype6-udeb libfreetype6 libfreetype6-dev
Architecture: source i386
Version: 2.2.1-5+etch3
Distribution: stable-security
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description:
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Changes:
 freetype (2.2.1-5+etch3) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix off-by-one programming error in PFB and TTF font parsing which
     could result in a off-by-one heap overflow when parsing table like
     data structures (PFB) or SHC instructions (TTF)
     Fixes: CVE-2008-1808
   * Fix memory corruption when parsing PFB format files
     Fixes: CVE-2008-1807
   * Fix integer overflow resulting in a heap overflow due to integer
     conversion errors
     Fixes: CVE-2008-1806
Files:
 5a9af398d4749d9b1da47b6d9dbab821 806 libs optional freetype_2.2.1-5+etch3.dsc
 a584e84d617c6e7919b4aef9b5106cf4 1451392 libs optional freetype_2.2.1.orig.tar.gz
 16f3a9f45c8ba0743fcce4db637b11bf 33815 libs optional freetype_2.2.1-5+etch3.diff.gz
 9b65398aaaf701879d4106fbc7c1b241 342704 libs optional libfreetype6_2.2.1-5+etch3_i386.deb
 ccaaafcb5eda1820727ddcf67550a9c6 645534 libdevel optional libfreetype6-dev_2.2.1-5+etch3_i386.deb
 739490a353dbb1b5a09a7a88faa2d2c2 134990 utils optional freetype2-demos_2.2.1-5+etch3_i386.deb
 67dc56faf0a5683f42723ceaaff13617 235954 debian-installer extra libfreetype6-udeb_2.2.1-5+etch3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiiPQkACgkQ62zWxYk/rQcHmQCgmxZgtPNoEVU1T8hzj3ieJ+MZ
JG8AoJNNqO+GW1XqoLAWJUvwNUM2g5k7
=Rohd
-----END PGP SIGNATURE-----


Accepted:
freetype2-demos_2.2.1-5+etch3_i386.deb
  to pool/main/f/freetype/freetype2-demos_2.2.1-5+etch3_i386.deb
freetype_2.2.1-5+etch3.diff.gz
  to pool/main/f/freetype/freetype_2.2.1-5+etch3.diff.gz
freetype_2.2.1-5+etch3.dsc
  to pool/main/f/freetype/freetype_2.2.1-5+etch3.dsc
libfreetype6-dev_2.2.1-5+etch3_i386.deb
  to pool/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_i386.deb
libfreetype6-udeb_2.2.1-5+etch3_i386.udeb
  to pool/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_i386.udeb
libfreetype6_2.2.1-5+etch3_i386.deb
  to pool/main/f/freetype/libfreetype6_2.2.1-5+etch3_i386.deb