Univention Bugzilla – Bug 42567
freetype: Multiple issues (ES 3.3)
Last modified: 2017-07-20 15:01:06 CEST
+++ This bug was initially created as a clone of Bug #39558 +++

Debian package version 2.4.2-2.1+squeeze6 fixes:
* remote denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream (CVE-2014-9745)
* use of uninitialized data (CVE-2014-9746)
* t42parse.c vulnerability (CVE-2014-9747)

Note: backported patches present: 2.4.2-2.1+squeeze4-errata3.2-5, see Bug 37756 Comment 1.

+++ This bug was initially created as a clone of Bug #38465 +++
Imported and built in errata3.3-1. I had to develop a couple of small patches to fix -Werror=unused-but-set-variable errors. I compared the source code to the 2.4.9-1.1 package and fixed those errors in the same way in 2.4.2-2.1+squeeze6. Advisory: freetype.yaml
I've backported an additional patch from Bug 40548:
* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c (CVE-2016-10328)

Package imported and built, advisory updated.
(In reply to Arvid Requate from comment #1)
> Imported and built in errata3.3-1.
The version number is too old:
 *** 2.4.2-2.1.63.201503191628 0
        500 http://…/3.2/maintained/ 3.2-6/amd64/ Packages
        100 /var/lib/dpkg/status
     2.4.2-2.1.57.201203091245 0
        500 http://…/3.0/maintained/ 3.0-2/amd64/ Packages
     2.4.2-2.1.54.201112121554 0
        500 http://…/3.0/maintained/ 3.0-1/amd64/ Packages
     2.4.2-2.1.52.201110271253 0
        500 http://…/3.0/maintained/ 3.0-0/amd64/ Packages
     2.4.2-2.1~ucs3.3.75.201704181410 0
        500 http://…/ ucs_3.3-0-errata3.3-1/amd64/ Packages
> Advisory: freetype.yaml
The advisory seems to be missing?
(In reply to Janek Walkenhorst from comment #3)
> > Advisory: freetype.yaml
> The advisory seems to be missing?
I was wrong.
Fixed: 2.4.2-2.1.79.201706261646
Advisory: OK
Tests: OK
<http://errata.software-univention.de/ucs/3.3/38.html>