Debian Bug report logs - #646120
CVE-2011-3256

version graph

Package: freetype; Maintainer for freetype is Steve Langasek <vorlon@debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 21 Oct 2011 14:03:01 UTC

Severity: grave

Tags: security

Fixed in version freetype/2.4.7-1

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#646120; Package freetype. (Fri, 21 Oct 2011 14:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Steve Langasek <vorlon@debian.org>. (Fri, 21 Oct 2011 14:03:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-3256
Date: Fri, 21 Oct 2011 15:59:22 +0200
Package: freetype
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3256 for
references and a patch.

Cheers,
        Moritz




Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Sat, 22 Oct 2011 23:06:08 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 22 Oct 2011 23:06:08 GMT) Full text and rfc822 format available.

Message #10 received at 646120-close@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 646120-close@bugs.debian.org
Subject: Bug#646120: fixed in freetype 2.4.7-1
Date: Sat, 22 Oct 2011 23:02:48 +0000
Source: freetype
Source-Version: 2.4.7-1

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive:

freetype2-demos_2.4.7-1_amd64.deb
  to main/f/freetype/freetype2-demos_2.4.7-1_amd64.deb
freetype_2.4.7-1.diff.gz
  to main/f/freetype/freetype_2.4.7-1.diff.gz
freetype_2.4.7-1.dsc
  to main/f/freetype/freetype_2.4.7-1.dsc
freetype_2.4.7.orig.tar.gz
  to main/f/freetype/freetype_2.4.7.orig.tar.gz
libfreetype6-dev_2.4.7-1_amd64.deb
  to main/f/freetype/libfreetype6-dev_2.4.7-1_amd64.deb
libfreetype6-udeb_2.4.7-1_amd64.udeb
  to main/f/freetype/libfreetype6-udeb_2.4.7-1_amd64.udeb
libfreetype6_2.4.7-1_amd64.deb
  to main/f/freetype/libfreetype6_2.4.7-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 646120@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Oct 2011 20:18:59 +0000
Source: freetype
Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb
Architecture: source amd64
Version: 2.4.7-1
Distribution: unstable
Urgency: low
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 freetype2-demos - FreeType 2 demonstration programs
 libfreetype6 - FreeType 2 font engine, shared library files
 libfreetype6-dev - FreeType 2 font engine, development files
 libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb)
Closes: 639638 646120
Changes: 
 freetype (2.4.7-1) unstable; urgency=low
 .
   * New upstream release
     - upstream fix for CVE-2011-3256.  Closes: #646120.
     - drop debian/patches-freetype/0001-Fix-Savannah-bug-33992.patch,
       included upstream.
   * Pass --without-bzip2 to configure, to avoid unwanted dependency on
     libbz2.  Closes: #639638.
   * Standards-Version 3.9.2.
Checksums-Sha1: 
 518dc1b9683672d35431445c5d4df827ce140061 2026 freetype_2.4.7-1.dsc
 4356f999dba69e40c3f82fc7b887e3e2062363da 1759706 freetype_2.4.7.orig.tar.gz
 f514fbf088fb79c7ec5ec1bc7220774a747ddecb 34210 freetype_2.4.7-1.diff.gz
 c49ef4f08f858348429352882940c38ec36d963e 439222 libfreetype6_2.4.7-1_amd64.deb
 03115abf5ad6b22c493243339e499c6a71273e2c 796204 libfreetype6-dev_2.4.7-1_amd64.deb
 e707bbb28caa1187fb584c1d7577e4002ada604d 217056 freetype2-demos_2.4.7-1_amd64.deb
 f823d7ccb0b93de2ad687560ab528105b318e680 321728 libfreetype6-udeb_2.4.7-1_amd64.udeb
Checksums-Sha256: 
 8353532654aec5c9bdd7568836bf477729d155750a358555916e367145fc62df 2026 freetype_2.4.7-1.dsc
 770bd7363630240eee4e110d21f417fd490d9f0a4010638b2189a8df51c9a0c4 1759706 freetype_2.4.7.orig.tar.gz
 7aaf0789fe2a6562df4f988eab5ac942d233c7fe483156a2b07aa11b196b9b52 34210 freetype_2.4.7-1.diff.gz
 d872bc460a0e0f1cc234ea5d4c8733789627c7625f11860af3c977d21d413a68 439222 libfreetype6_2.4.7-1_amd64.deb
 e25e37f83e35715d051b797e1b546bb28e3a08dbc57d09008bd543ef668179fd 796204 libfreetype6-dev_2.4.7-1_amd64.deb
 fa2dc51ed0114788de9c95dff1069f03a2852b5273c1f7691f81a0dedb7eb4d9 217056 freetype2-demos_2.4.7-1_amd64.deb
 406f6e25424ababa3fce5d3adc4f04b5b2cff744c4e93d9e289fbe2d313e0ee1 321728 libfreetype6-udeb_2.4.7-1_amd64.udeb
Files: 
 f4eae7c4816cca040c5963520a0edf72 2026 libs optional freetype_2.4.7-1.dsc
 23c2273a90f6aa61ac76b1bfc1b8a89b 1759706 libs optional freetype_2.4.7.orig.tar.gz
 da101d3793a905e47dc9400cb401dc29 34210 libs optional freetype_2.4.7-1.diff.gz
 60877c8cb0e2d248fd40e6e79445c55d 439222 libs optional libfreetype6_2.4.7-1_amd64.deb
 41f98e29199d6a588af75348aefb9c61 796204 libdevel optional libfreetype6-dev_2.4.7-1_amd64.deb
 bc11eecdda4193e5b6c11d5be3025ea9 217056 utils optional freetype2-demos_2.4.7-1_amd64.deb
 f19c812aa1e52431106e9d29f1816a88 321728 debian-installer extra libfreetype6-udeb_2.4.7-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTqNI6FaNMPMhshM9AQg4Sw//YP3sty5WlsGT0ld1CWH29eCOIKd0Wx8j
JyFSqKc8+9DKY9bT8lEwT/mWObdm21NkG5VZ5FeqScSscILJJCGavRUsOK45hmTq
qNZFLeRxzgH+yWwjiFu98oRZ8AWJygMYYhdqjKoyaBN2hrNSI8GbHQMp0/ETdz0N
sCWQDa61bK31d6RxSmMt7Os40H3n8pPxFAENj+kOHHHV0o34lSqDysPiXmzuJkVz
48yZwSJN4FlbPwpy6TKJfl30wH1Vwmp55v7WjKsfPhdHKmY+0yPkpBnazZytLJgm
BzrscwNlQfYWoh25vjH36fDnukPsis2oapZZjn/MQtD4wb/8k/abe+a7T5ZpeXrg
x7VKG0JrXswcKlWRxkAizJE8sftR6rp02LnRgIZrR9SGXQjgby+6zWpXyW4Y0Ml3
NYlSWxXDRUJQd45fHPs+lirW2z39uHMG5Ice0AuusLsqV8pNn+ibje5x6tYW5lhE
rnppMMO5M5XVFJrSLFvJ0Fxi5g858whEMZt9wLX18HlMeDYDNF+f0ddO221vr7dG
P0c1RkU0PrQl6W08+ieT4d2Zui4wGchfNQ0aRHtSGqKYKxyKytP47oiKyC7+1Yrt
mo8ZHSZVoxnXkSNL+HWpeFCGNsdYMYrf7TZfXKaIpwQd28iVAFUQQH3fE4sNOgBg
y1PmR6Z/eGU=
=/9o2
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 20 Nov 2011 07:33:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 16:53:19 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.