Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow

To: debian-security@lists.debian.org
Cc: control@bugs.debian.org
Subject: Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow
From: Rene Engelhard <rene@debian.org>
Date: Tue, 5 Oct 2010 10:53:18 +0200
Message-id: <[🔎] 20101005085318.GE19888@rene-engelhard.de>
In-reply-to: <[🔎] 4CAACE4A.9030106@ser-tec.org>
References: <E1P2sC5-0002W4-7h@chopin.debian.org> <[🔎] 4CAACE4A.9030106@ser-tec.org>

close 592399 2.3.7-2+lenny3
thanks

On Tue, Oct 05, 2010 at 09:05:46AM +0200, Davide Mirtillo wrote:
> Hello, i just ran the update via aptitude, and apt-listbug reported the
> package as affected by bug #592399 [1]. Aptitude installed
> 2.3.7-2+lenny4, and that version is not marked as bug-free in the bug
> report page.

freetype (2.3.7-2+lenny4) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * fix CVE-2010-3311: integer overflow which can lead to a heap overflow in
    libXft

 -- Stefan Fritsch <sf@debian.org>  Tue, 28 Sep 2010 15:46:35 +0200

freetype (2.3.7-2+lenny3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2010-1797: Multiple stack-based buffer overflows
[...]
 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 05 Sep 2010 14:51:39 +0200
[...]

The bug was "of course" not closed with that upload. Marking as fixed...

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: D03E3E70
   `-   Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70

Reply to:

References:
- Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow
  - From: Davide Mirtillo <davide@ser-tec.org>

Prev by Date: Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow
Next by Date: Accounting.
Previous by thread: Re: [SECURITY] [DSA-2116-1] New freetype packages integer overflow
Next by thread: Accounting.
Index(es):
- Date
- Thread