Bug 37756

Summary: freetype: Multiple issues (3.2)
Product: UCS
Reporter: Moritz Muehlenhoff <jmm>
Component: Security updates
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal
Priority: P3
CC: gohmann
Version: UCS 3.2
Target Milestone: UCS 3.2-5-errata
Hardware: Other
OS: Linux

Description Moritz Muehlenhoff univentionstaff 2015-02-11 07:33:42 CET
Multiple bugs in processing font files allow denial of service or the execution of arbitrary code:
CVE-2014-9675 CVE-2014-9674 CVE-2014-9673 CVE-2014-9672 CVE-2014-9671
CVE-2014-9670 CVE-2014-9669 CVE-2014-9668 CVE-2014-9667 CVE-2014-9666
CVE-2014-9665 CVE-2014-9664 CVE-2014-9663 CVE-2014-9662 CVE-2014-9661
CVE-2014-9660 CVE-2014-9659 CVE-2014-9658 CVE-2014-9657 CVE-2014-9656

Comment 1 Philipp Hahn univentionstaff 2015-03-19 16:30:50 CET
repo_admin.py --cherrypick -r 3.0 -s errata3.0-1 --releasedest 3.2 --dest errata3.2-5 -p freetype
b32-scope errata3.2-5 freetype

r14497 | 3.2-0-0-ucs/2.4.2-2.1+squeeze4-errata3.2-5/10_CVEs-2014-9657-9675.patch

Comment 2 Philipp Hahn univentionstaff 2015-03-19 17:22:17 CET
Package: freetype
Version: 2.4.2-2.1.63.201503191628
Branch: ucs_3.2-0
Scope: errata3.2-5

r59252 | Bug #37756 FreeType: YAML
 2015-03-19-freetype.yaml

QA: See <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656> for a link-list of the CVEs.

Comment 3 Janek Walkenhorst univentionstaff 2015-03-24 17:47:32 CET
Tests: OK
Advisory: OK

Comment 4 Janek Walkenhorst univentionstaff 2015-03-25 14:04:01 CET
<http://errata.univention.de/ucs/3.2/307.html>