-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 14 Jan 2012 21:55:47 +0100 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: source all amd64 Version: 5.1.2-3+squeeze1 Distribution: stable-security Urgency: high Maintainer: Ruben Molina <rmolina@udea.edu.co> Changed-By: Yves-Alexis Perez <corsac@debian.org> Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Closes: 652996 Changes: t1lib (5.1.2-3+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2010-2642 added, fix heap-based buffer overflow first found in evince but applicable to the embedded afmparse library found in t1lib too. Fixes CVE-2011-0433 too on the same patch. - CVE-2011-0764 added, fix arbitrary code execution by only using ppoints when it is a valid pointer. closes: #652996 This fixes CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 * format-string added, fix a format string error IfTrace0 macro and another in T1_SubfsetFont(). Checksums-Sha1: 4e1dff94b71f461a27361ced4ef5cd0bbc5e9b4e 1803 t1lib_5.1.2-3+squeeze1.dsc 4b4fc22c8688eefaaa8cfc990f0039f95f4287de 1872534 t1lib_5.1.2.orig.tar.gz 0a5da8d9f5fed62e715527d4e341188fd5907817 19084 t1lib_5.1.2-3+squeeze1.diff.gz c554d06bb99bcd2363f6bc3f2bead01808243580 610678 libt1-doc_5.1.2-3+squeeze1_all.deb 4f30ff90daa6fef4329446e7d2eae7beaea5cc43 171790 libt1-5_5.1.2-3+squeeze1_amd64.deb 389c66b03f424f95ccf2775979351e970df62b16 198552 libt1-dev_5.1.2-3+squeeze1_amd64.deb 9c5d17df2ee88dc7eab3cfdbca26d4ad6a5f13c1 61608 t1lib-bin_5.1.2-3+squeeze1_amd64.deb 9d25aeb098f4c859763700b10f9464aa85b5ebae 216768 libt1-5-dbg_5.1.2-3+squeeze1_amd64.deb Checksums-Sha256: 25f41d5da8aadfe3625906ec43f4fe5ea70b299215feba65c97463722119ae6a 1803 t1lib_5.1.2-3+squeeze1.dsc 821328b5054f7890a0d0cd2f52825270705df3641dbd476d58d17e56ed957b59 1872534 t1lib_5.1.2.orig.tar.gz b1f48e3aab44d724fcc2ca27b2ff44151dfd410616302ba8e54f749c358c4ba8 19084 t1lib_5.1.2-3+squeeze1.diff.gz 0c7e6d10185562dd260b8336dc6cf0a0ad4835ca832a02621f84b8add2ab29df 610678 libt1-doc_5.1.2-3+squeeze1_all.deb 237059183ded56498234c0229eb5549d1f6cff9bc288af8b27932f272325134c 171790 libt1-5_5.1.2-3+squeeze1_amd64.deb a0f599b8ad18cb046191c362cff5d1c16c3d2d3feb6e598d4eb5e827e03198c3 198552 libt1-dev_5.1.2-3+squeeze1_amd64.deb 9203fef1d6142a7ecf369f5a24a0144197cd17dc0f5a1ca3be4cf5cd27c7f708 61608 t1lib-bin_5.1.2-3+squeeze1_amd64.deb bfd1a2bdbf33e7197a4155b51eaccfa68759ce0f0c2e8850b54ad4e795d790bd 216768 libt1-5-dbg_5.1.2-3+squeeze1_amd64.deb Files: ed598dc987a42843934e79c9b3e14e89 1803 libs optional t1lib_5.1.2-3+squeeze1.dsc a5629b56b93134377718009df1435f3c 1872534 libs optional t1lib_5.1.2.orig.tar.gz baf76641399eea88ac3a1f8937ba69eb 19084 libs optional t1lib_5.1.2-3+squeeze1.diff.gz d7fd6e672b03cc092fa59bdc838b1df5 610678 doc optional libt1-doc_5.1.2-3+squeeze1_all.deb d66e1f2af733c4156addd44c8963fb12 171790 libs optional libt1-5_5.1.2-3+squeeze1_amd64.deb d343c14aa322045f7d5072eee3b59389 198552 libdevel optional libt1-dev_5.1.2-3+squeeze1_amd64.deb e6c5fc1b460c32018f0bdb8ea741f393 61608 misc optional t1lib-bin_5.1.2-3+squeeze1_amd64.deb 114dd281998ead532e045c5b9bc1838c 216768 libdevel extra libt1-5-dbg_5.1.2-3+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCgAGBQJPEo4nAAoJEDBVD3hx7wuoNfAP/0ysUDmTOeF6X01MYZKl7aJi eRYMjwOb430Z8abXP2x8YtARH9W5cO0uB7hLToV8LE9n5/37/2wRZKU8qmZdngEh bt+sc4gvKzfzjOj3oSwvQUokHZW/cuzkSW5I7uITgIX1My/U5T4BGwbo63b/Norl fdhUcLaqJkpPISG3bUxtYlR5tWZ3UcRfilDSJm56bYrUN7NUNvJvG/Iuu0JHvYty ckECfKOMMGtKW7gY3n0EMSvMJL+UeJRGE02QBZTZMvB5W7ZZx2kjplNrUbWNX62c TleaRIhV+MFsOG3d96QXk9wi7MbVu/7MH6mqMhVWkW0Gr5tFJXQOk9uJwqHW/8fW /qQybJ6HFUO2/sQsPsp9FUV12KKUAyMS7IjdhSPpmu1J8MywbdRI/vBO5tLQq3P8 h2Zzybeue8gOLzpAv8FbhrJIJyBYiy54QK+R83JvgrsWdHmBzwQNzTlIyq/hA27w oCIKjN+P6qrcTstXqUWm0pif75VoubYVls5ACtJJmA7d+/vFaKKj0Ij6K2mlu6TM ns3shX6JRUI5d/0loCENrT43ufdwoGRJzslR4eYbBKdS7egPYyextsQ+f8NLu72q WkrmWqOsjGfZmVnDj5SC/iY1yulNe42dtWdCYSK5ogQhs+z+A66HzObn09/vuOLj r+sbMawg5jl7uBgl2ngI =pDhv -----END PGP SIGNATURE----- Accepted: libt1-5-dbg_5.1.2-3+squeeze1_amd64.deb to main/t/t1lib/libt1-5-dbg_5.1.2-3+squeeze1_amd64.deb libt1-5_5.1.2-3+squeeze1_amd64.deb to main/t/t1lib/libt1-5_5.1.2-3+squeeze1_amd64.deb libt1-dev_5.1.2-3+squeeze1_amd64.deb to main/t/t1lib/libt1-dev_5.1.2-3+squeeze1_amd64.deb libt1-doc_5.1.2-3+squeeze1_all.deb to main/t/t1lib/libt1-doc_5.1.2-3+squeeze1_all.deb t1lib-bin_5.1.2-3+squeeze1_amd64.deb to main/t/t1lib/t1lib-bin_5.1.2-3+squeeze1_amd64.deb t1lib_5.1.2-3+squeeze1.diff.gz to main/t/t1lib/t1lib_5.1.2-3+squeeze1.diff.gz t1lib_5.1.2-3+squeeze1.dsc to main/t/t1lib/t1lib_5.1.2-3+squeeze1.dsc