-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-05-30 17:38:12 UTC
-
Revision ID:
james.westby@ubuntu.com-20060530173812-y0c5giriatxaknit
Tags: 2.1.10-1ubuntu2.1
* SECURITY UPDATE: Arbitrary code execution and DoS with crafted font files.
* Add debian/patches/400-ttkern-loop-variable.patch:
- src/sfnt/ttkern.c, tt_face_get_kerning(): Fix inner loop to use a new
variable instead of destroying the outer loop variable.
- Fixes infinite loop with fonts that don't have a properly sorted kerning
sub-table.
- Patch taken from upstream CVS.
* Add debian/patches/401-odd_blue_num-safe_alloc.patch:
- src/pshinter/pshglob.c: Prevent integer underflow with malformed fonts
which have an odd number of blue values (these are broken according to
the specs). [CVE-2006-0747]
- src/base/ftutil.c: Fail with an 'invalid argument' error on negative
allocations, just to make double sure. [CVE-2006-2661]
- Patches taken from upstream CVS.
* Add debian/patches/402-int-overflows.patch:
- Various int overflow protections. [CVE-2006-1861, CVE-2006-2493]
- Patches taken from upstream CVS.
* Many thanks to Josh Bressers for extracting the patches!