Univention Bugzilla – Bug 42567
freetype: Multiple issues (ES 3.3)
Last modified: 2017-07-20 15:01:06 CEST
+++ This bug was initially created as a clone of Bug #39558 +++
Debian package version 2.4.2-2.1+squeeze6 fixes:
* remote denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream (CVE-2014-9745)
* use of uninitialized data (CVE-2014-9746)
* t42parse.c vulnerability (CVE-2014-9747)
Note: backported patches present : 2.4.2-2.1+squeeze4-errata3.2-5
see Bug 37756 Comment 1.
+++ This bug was initially created as a clone of Bug #38465 +++
Imported and built in errata3.3-1.
I had to develop a couple of small patches to fix -Werror=unused-but-set-variable errors. I compared the source code to the 2.4.9-1.1 package and fixed those errors in the same way in 2.4.2-2.1+squeeze6.
I've backported an additional patch from Bug 40548:
* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. (CVE-2016-10328)
Package imported and built, advisory updated.
(In reply to Arvid Requate from comment #1)
> Imported and built in errata3.3-1.
The version number is too old:
*** 2.4.2-220.127.116.11503191628 0
500 http://…/3.2/maintained/ 3.2-6/amd64/ Packages
500 http://…/3.0/maintained/ 3.0-2/amd64/ Packages
500 http://…/3.0/maintained/ 3.0-1/amd64/ Packages
500 http://…/3.0/maintained/ 3.0-0/amd64/ Packages
500 http://…/ ucs_3.3-0-errata3.3-1/amd64/ Packages
> Advisory: freetype.yaml
The advisory seems to be missing?
(In reply to Janek Walkenhorst from comment #3)
> > Advisory: freetype.yaml
> The advisory seems to be missing?
I was wrong.