Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2010-07-15 13:00:49 UTC
Revision ID: james.westby@ubuntu.com-20100715130049-b5fyjumz6ug88m99
Tags: 2.1.10-1ubuntu2.7
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via invalid free
    - debian/patches/412-CVE-2010-2498.patch: validate number of points in
      src/pshinter/pshalgo.c.
    - CVE-2010-2498
  * SECURITY UPDATE: arbitrary code execution via buffer overflow
    - debian/patches/413-CVE-2010-2499.patch: check positions and return
      code in src/base/ftobjs.c.
    - CVE-2010-2499
  * SECURITY UPDATE: arbitrary code execution via integer overflow
    - debian/patches/414-CVE-2010-2500.patch: switch to unsigned in
      src/smooth/ftgrays.c, check signed width and height in
      src/smooth/ftsmooth.c.
    - CVE-2010-2500
  * SECURITY UPDATE: arbitrary code execution via heap buffer overflow
    - debian/patches/415-CVE-2010-2519.patch: correctly calculate length in
      src/base/ftobjs.c.
    - CVE-2010-2519
  * SECURITY UPDATE: arbitrary code execution via invalid realloc
    - debian/patches/416-CVE-2010-2520.patch: perform bounds checking in
      src/truetype/ttinterp.c.
    - CVE-2010-2520
  * SECURITY UPDATE: arbitrary code execution via buffer overflows
    - debian/patches/417-CVE-2010-2527.patch: change buffer sizes in
      src/{ftmulti,ftstring,ftview}.c.
    - CVE-2010-2527