[BSA-068] Security Update for freetype
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I uploaded new packages for freetype which fixed the
following security problems:
CVE-2011-3439
FreeType allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted
font, a different vulnerability than CVE-2011-3256.
CVE-2011-3256
FreeType before 2.4.7 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption)
via a crafted font, a different vulnerability than
CVE-2011-0226.
CVE-2011-0226
Integer signedness error in psaux/t1decode.c in FreeType before
2.4.6 allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption and application crash)
via a crafted Type 1 font.
For the squeeze-backports distribution the problems have been fixed in
version 2.4.8-1~bpo60+1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJPbB3wAAoJEDEWul6f+mmjUcIQAK0Zh9AH1vEDHDmXi4ppS8hA
ovEUiHxTexeWP0cXDByGr5hFk2hTnW5baB3Cv8qpUFnT4bpXgGeFwgTQn0pa4O0v
MqnNprbbMpgqmWvKp9Y1xNIOXUFlDWSe3SyK6LNV7vh/1nrzevHPHMqdAryK3+nP
YhfLuc+P9RRDu1sNvKADq6v9ycxnomtLItfMI4wSxo6XgvEH6Xse6bcu9k4AhL3i
EAUiLYyKt4r5+MkAOi3dpNdavtfMACU9hs3ZcjmstTWz8hXlVkAVOJcLxAvhEC7y
Fmefd8G3pqrb13sUiRKV0jRxUghyJGuuY6PQ9sxHiDnLuS38nLT6VLN8/c0O83uD
+tVB2HclX57S/DAAAZMywlYNVrGzc8C4F33bsQ1Zcr/ylNUk31r2yDMeySK8TBsy
zWP9qOr2tK4XVya29JQdRYG8WUYW5o4/bGfDNuzK4N8q8crLt/kLjJ2irtv3xJ4Y
vDtP0+fPE7dOq+PqMgm3VXfwE9g5quUokR1GI8thjJyyd+C3++ARjaRi9tKcZ3Iu
QpClKKNyR6gOY5NR6QtuGpDri75TPVEu2zKomyAcfCZOgI/25Ajb1IZk+97/r0SS
q05/HCXcFyt6Qykaskcgx9oeBLmdpxqCx0MQfJg2GHDr6KubxHUN4kysjFoWmkXI
X3LOJ0JU8f3n/Xb0rdZv
=/FWq
-----END PGP SIGNATURE-----
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: