-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 29 Apr 2009 15:09:46 +0000 Source: freetype Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb Architecture: source i386 Version: 2.3.7-2+lenny1 Distribution: stable-security Urgency: high Maintainer: Steve Langasek <vorlon@debian.org> Changed-By: Nico Golde <nion@debian.org> Description: freetype2-demos - FreeType 2 demonstration programs libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb) Closes: 524925 Changes: freetype (2.3.7-2+lenny1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * This update fixes various integer overflows in cff/cffload.c, smooth/ftsmooth.c amd sfnt/ttcmap.c leading to arbitrary code execution or denial of service via a crafted font file (CVE-2009-0946; Closes: #524925). Checksums-Sha1: 6d0e3cb727e5a483d00b2de2874ff7ffc3bb9832 1218 freetype_2.3.7-2+lenny1.dsc 57788883bd8bf09a29e93ac27ab21226d1a9fb9c 1567540 freetype_2.3.7.orig.tar.gz 09f2612b7843f490e7570d288ae445f640787fdc 32714 freetype_2.3.7-2+lenny1.diff.gz e3427ef7847cc14ad8e6a8ccbe1b58fe6ec535c9 371606 libfreetype6_2.3.7-2+lenny1_i386.deb c24797efbbcf045fe76a57d5f9bdcec718e09ec6 685616 libfreetype6-dev_2.3.7-2+lenny1_i386.deb 0c77ac9fbb5e449fde43332ddc313d84bc9686c1 198880 freetype2-demos_2.3.7-2+lenny1_i386.deb a823c26a77822d44ee1702e8a3ed3fa4c752bc68 254386 libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb Checksums-Sha256: bb74c49e5acc2ca62e9afc3134db4fe56b2c3b1bb15e9e0d9029e5aeabe3f4b6 1218 freetype_2.3.7-2+lenny1.dsc f779897742b81c42c912716b0827379887195ea1bcb6464a7ce1843409d39c23 1567540 freetype_2.3.7.orig.tar.gz d26a4382f7f27ee61d30655f721a04042f09ee4ab06c29d3a3cd4d4ac1aebd1f 32714 freetype_2.3.7-2+lenny1.diff.gz 06dd750852e3fa5b78ff50f08b9775221945c14c9d911cad73f50587b85e50ec 371606 libfreetype6_2.3.7-2+lenny1_i386.deb 4b8cd928c10164572608f33501e5e3066c6c17d0f548dd698c75b164fc090b02 685616 libfreetype6-dev_2.3.7-2+lenny1_i386.deb 4c4f68c1e3ae1e323c44f50b1eb0c7e9c8123e6207c72e038e5e31613fc78919 198880 freetype2-demos_2.3.7-2+lenny1_i386.deb 28a9fb03737a5604989b40237b821fcde80134b388578053e069139782da72c9 254386 libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb Files: 44b657bd7355ca8852b5f728220521ce 1218 libs optional freetype_2.3.7-2+lenny1.dsc c1a9f44fde316470176fd6d66af3a0e8 1567540 libs optional freetype_2.3.7.orig.tar.gz 61c850f28c09fe85dae75d4f1b99face 32714 libs optional freetype_2.3.7-2+lenny1.diff.gz 7e56c724b16e31ea9e2b42c54ec4a251 371606 libs optional libfreetype6_2.3.7-2+lenny1_i386.deb 76c13ff85e98143d4e5fd52b69968784 685616 libdevel optional libfreetype6-dev_2.3.7-2+lenny1_i386.deb 46f5663ce579a51e18dc934109cc0645 198880 utils optional freetype2-demos_2.3.7-2+lenny1_i386.deb 951df80ccc9bef3d07dedbbe17760d82 254386 debian-installer extra libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkn4b1AACgkQHYflSXNkfP9YSACgpHNGfrVgXu53GV9mRdd1cCDb yEYAnRobHWXYMU27t0jYxtmXl/ILene9 =43vu -----END PGP SIGNATURE----- Accepted: freetype2-demos_2.3.7-2+lenny1_i386.deb to pool/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_i386.deb freetype_2.3.7-2+lenny1.diff.gz to pool/main/f/freetype/freetype_2.3.7-2+lenny1.diff.gz freetype_2.3.7-2+lenny1.dsc to pool/main/f/freetype/freetype_2.3.7-2+lenny1.dsc libfreetype6-dev_2.3.7-2+lenny1_i386.deb to pool/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_i386.deb libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb to pool/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb libfreetype6_2.3.7-2+lenny1_i386.deb to pool/main/f/freetype/libfreetype6_2.3.7-2+lenny1_i386.deb