Format: 1.8
Date: Sat, 26 Aug 2017 16:03:02 +0200
Source: fontforge
Binary: fontforge fontforge-nox libfontforge-dev libfontforge1 libgdraw4 python-fontforge fontforge-dbg
Architecture: source amd64
Version: 0.0.20120101+git-2+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Debian Fonts Task Force <pkg-fonts-devel@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 fontforge - font editor
 fontforge-dbg - debugging symbols for fontforge
 fontforge-nox - font editor - non-X version
 libfontforge-dev - font editor - runtime library (development files)
 libfontforge1 - font editor - runtime library
 libgdraw4 - font editor - runtime graphics and widget library
 python-fontforge - font editor - Python bindings
Changes:
 fontforge (0.0.20120101+git-2+deb7u1) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-11568-11569-11571-11572-11574-11575-11576-11577.patch
     Fix for several CVEs:
      CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572
      CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577
     FontForge 20161012 is vulnerable to heap-based buffer over-read
     in several functions, resulting in DoS or code execution via
     a crafted otf file: