Re: Preparation of the next stable Debian GNU/Linux update (I)



Rene Engelhard wrote:
> Martin Zobel-Helas wrote:
> > Accepted Packages
> > -----------------
> > 
> > These packages will be installed into the stable Debian distribution
> > and will be part of the next revision.
> [...]
> > freetype2-demos    stable    2.1.7-2.4   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > freetype2-demos    updates   2.1.7-2.5   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > freetype           stable    2.1.7-2.4   source
> > freetype           updates   2.1.7-2.5   source
> > libfreetype6-dev   stable    2.1.7-2.4   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > libfreetype6-dev   updates   2.1.7-2.5   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > libfreetype6-udeb  stable    2.1.7-2.4   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > libfreetype6-udeb  updates   2.1.7-2.5   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > libfreetype6       stable    2.1.7-2.4   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > libfreetype6       updates   2.1.7-2.5   alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > 
> > 	DSA 1095 freetype - fix several vulnerabilities
> 
> Uh, that's bad. -2.5 is broken. See http://bugs.debian.org/libfreetype6.
> Unfortunately still no DSA which corrects the broken packages caused by
> the first DSA...

There's not going to be any due to ongoing conflicting actions by the
security team and the maintainer.  Attached is my last trial to get
this fixed.  Feel free to pass this through proposed-updates.

Regards,

	Joey

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.
diff -u freetype-2.1.7/debian/changelog freetype-2.1.7/debian/changelog
--- freetype-2.1.7/debian/changelog
+++ freetype-2.1.7/debian/changelog
@@ -1,3 +1,19 @@
+freetype (2.1.7-3.1) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team
+  * Rebuilt with higher version number
+
+ -- Martin Schulze <joey@infodrom.org>  Fri, 18 Aug 2006 17:06:28 +0200
+
+freetype (2.1.7-2.6) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team
+  * Adjusted the patch to fix integer overflows to catch negative and zero
+    values as well, thanks to Wolfram Gloger <wg@malloc.de>
+    [debian/patches/400-CVE-2006-2493_integer-overflows.diff, Bug#373581]
+
+ -- Martin Schulze <joey@infodrom.org>  Thu, 17 Aug 2006 09:15:31 +0200
+
 freetype (2.1.7-2.5) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
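Review bot: the 2.1.7-3.1 entry says only "Rebuilt with higher version number" and gives no reason for skipping from -2.6 to -3.1, while the -2.6 entry below it documents its change, the bug number and the patch file. A reader of the changelog cannot tell which version this rebuild is meant to supersede; state it in the entry (for example, which upload in stable or proposed-updates the -3.1 version number has to sort above), so the version jump is traceable from the package itself.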
diff -u freetype-2.1.7/debian/patches/400-CVE-2006-2493_integer-overflows.diff freetype-2.1.7/debian/patches/400-CVE-2006-2493_integer-overflows.diff
--- freetype-2.1.7/debian/patches/400-CVE-2006-2493_integer-overflows.diff
+++ freetype-2.1.7/debian/patches/400-CVE-2006-2493_integer-overflows.diff
@@ -77,12 +77,15 @@
  
  #include "rasterrs.h"
  
-@@ -175,6 +176,9 @@
+@@ -175,6 +176,12 @@
      bitmap->rows  = height;
      bitmap->pitch = pitch;
  
-+    if ((FT_ULong)pitch > LONG_MAX/height)
++    if ((FT_ULong)pitch > LONG_MAX/height || height <= 0)
++    {
++      error = Raster_Err_Array_Too_Large;
 +      goto Exit;
++    }
 +
      if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) )
        goto Exit;
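Review bot: the operand order of the new condition defeats the zero-height check it is meant to add: in `if ((FT_ULong)pitch > LONG_MAX/height || height <= 0)` the left operand, including the division `LONG_MAX/height`, is evaluated first, so when `height` is 0 the division by zero happens before `height <= 0` is ever tested. Put the cheap range check first so the division is only reached for positive heights:
`if ( height <= 0 || (FT_ULong)pitch > LONG_MAX/height )`
With that order the `Raster_Err_Array_Too_Large` path is taken for zero and negative heights and the `FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height )` call below is still guarded against the product overflowing for valid heights.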
