--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: t1lib: diff for NMU version 5.1.2-3.3
- From: Luk Claes <luk@debian.org>
- Date: Thu, 29 Dec 2011 23:35:23 +0100
- Message-id: <20111229223523.GA27097@station.luk.local>
Package: t1lib
Version: 5.1.2-3.2
Severity: normal
Tags: patch pending
Dear maintainer,
I've prepared an NMU for t1lib (versioned as 5.1.2-3.3) and
uploaded it to DELAYED/02 fixing the security issue CVE-2011-0764
and not shipping the .la file anymore. Please feel free to tell me
if I should delay it longer.
Cheers
Luk
diff -u t1lib-5.1.2/debian/libt1-dev.install t1lib-5.1.2/debian/libt1-dev.install
--- t1lib-5.1.2/debian/libt1-dev.install
+++ t1lib-5.1.2/debian/libt1-dev.install
@@ -2,3 +2,2 @@
debian/tmp/usr/lib/*.so
-debian/tmp/usr/lib/*.la
debian/tmp/usr/lib/*.a
diff -u t1lib-5.1.2/debian/changelog t1lib-5.1.2/debian/changelog
--- t1lib-5.1.2/debian/changelog
+++ t1lib-5.1.2/debian/changelog
@@ -1,3 +1,12 @@
+t1lib (5.1.2-3.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix arbitrary code execution CVE-2011-0764 by only using ppoints when
+ it is a valid pointer (Closes: #652996).
+ * Don't ship .la file anymore (Closes: #633247).
+
+ -- Luk Claes <luk@debian.org> Thu, 29 Dec 2011 23:21:33 +0100
+
t1lib (5.1.2-3.2) unstable; urgency=low
* Non-maintainer upload. (version 5.1.2-3.2 triggered a problem with dak)
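Review bot: urgency=low on the new 5.1.2-3.3 entry looks too low for an upload whose first item is an arbitrary code execution fix (CVE-2011-0764); consider urgency=medium or high so the fix migrates to testing sooner. The entry also says ppoints is used only "when it is a valid pointer", while the patch tests only for NULL; wording such as "when it is non-NULL" would match what the code does.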
diff -u t1lib-5.1.2/debian/patches/series t1lib-5.1.2/debian/patches/series
--- t1lib-5.1.2/debian/patches/series
+++ t1lib-5.1.2/debian/patches/series
@@ -5,0 +6 @@
+CVE-2011-0764.diff
only in patch2:
unchanged:
--- t1lib-5.1.2.orig/debian/patches/CVE-2011-0764.diff
+++ t1lib-5.1.2/debian/patches/CVE-2011-0764.diff
@@ -0,0 +1,32 @@
+Description: Don't lookup previous point if there isn't any
+Author: Marc Deslauriers <marc.deslauriers@canonical.com>
+Forwarded: no
+
+Index: t1lib-5.1.2/lib/type1/type1.c
+===================================================================
+--- t1lib-5.1.2.orig/lib/type1/type1.c 2011-12-13 14:24:14.280965637 -0600
++++ t1lib-5.1.2/lib/type1/type1.c 2011-12-13 14:25:25.893320747 -0600
+@@ -1700,6 +1700,7 @@
+ long pindex = 0;
+
+ /* compute hinting for previous segment! */
++ if (ppoints == NULL) Error0i("RLineTo: No previous point!\n");
+ FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx, dy);
+
+ /* Allocate a new path point and pre-setup data */
+@@ -1728,6 +1729,7 @@
+ long pindex = 0;
+
+ /* compute hinting for previous point! */
++ if (ppoints == NULL) Error0i("RRCurveTo: No previous point!\n");
+ FindStems( currx, curry, currx-ppoints[numppoints-2].x, curry-ppoints[numppoints-2].y, dx1, dy1);
+
+ /* Allocate three new path points and pre-setup data */
+@@ -1903,6 +1905,7 @@
+ FindStems( currx, curry, 0, 0, dx, dy);
+ }
+ else {
++ if (ppoints == NULL) Error0i("RMoveTo: No previous point!\n");
+ FindStems( currx, curry, ppoints[numppoints-2].x, ppoints[numppoints-2].y, dx, dy);
+ }
+
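Review bot: all three added guards in type1.c (the RLineTo, RRCurveTo and RMoveTo paths) test only "ppoints == NULL", but the statement right after each one indexes ppoints[numppoints-2], so a non-NULL ppoints with numppoints below 2 would still read before the start of the array. If that state can be reached from a font's charstring, extend the check to "if (ppoints == NULL || numppoints < 2)". Each guard is also an unbraced if that protects the FindStems call only if Error0i leaves the function; its definition is not part of this patch, so confirm that it returns rather than just logging. The header has "Forwarded: no"; sending the fix upstream and adding a Bug-Debian field for #652996 would make it easier to track.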
--- End Message ---