[Pkg-fonts-bugs] Accepted fontforge 0.0.20120101+git-2+deb7u1 (source amd64) into oldoldstable
Thorsten Alteholz
debian at alteholz.de
Sat Aug 26 14:50:20 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Aug 2017 16:03:02 +0200
Source: fontforge
Binary: fontforge fontforge-nox libfontforge-dev libfontforge1 libgdraw4 python-fontforge fontforge-dbg
Architecture: source amd64
Version: 0.0.20120101+git-2+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Debian Fonts Task Force <pkg-fonts-devel at lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian at alteholz.de>
Description:
fontforge - font editor
fontforge-dbg - debugging symbols for fontforge
fontforge-nox - font editor - non-X version
libfontforge-dev - font editor - runtime library (development files)
libfontforge1 - font editor - runtime library
libgdraw4 - font editor - runtime graphics and widget library
python-fontforge - font editor - Python bindings
Changes:
fontforge (0.0.20120101+git-2+deb7u1) wheezy-security; urgency=low
.
* Non-maintainer upload by the Wheezy LTS Team.
* CVE-2017-11568-11569-11571-11572-11574-11575-11576-11577.patch
Fix for several CVEs:
CVE-2017-11568
CVE-2017-11569
CVE-2017-11571
CVE-2017-11572
CVE-2017-11574
CVE-2017-11575
CVE-2017-11576
CVE-2017-11577
FontForge 20161012 is vulnerable to heap-based buffer over-read in
several functions, resulting in DoS or code execution via a crafted
otf file:
Checksums-Sha1:
8c79b01e91c9b47c27b6eccc33540d4fd5cdd055 2921 fontforge_0.0.20120101+git-2+deb7u1.dsc
060058d2ac7d76c3f6c7b4313dd1f6122bfcc2fb 6794037 fontforge_0.0.20120101+git.orig.tar.gz
6ccc3b7a3be92d7fb730232602aa180620aead77 21827 fontforge_0.0.20120101+git-2+deb7u1.debian.tar.gz
f5070759d0e732e4b323e5f03b7077a7f49e8ee1 2577868 fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
d541f7f6d5bd9ebda2e34c49f2d9fde2bdd469a1 1448154 fontforge-nox_0.0.20120101+git-2+deb7u1_amd64.deb
33df4542c0e519778f1797a3dbd1341c16aaa182 133548 libfontforge-dev_0.0.20120101+git-2+deb7u1_amd64.deb
85530f2165e9b553bb4fc297ca1daaaef4e2bad6 2672786 libfontforge1_0.0.20120101+git-2+deb7u1_amd64.deb
e8501af3458b70c67352412edaf5158339726c82 380288 libgdraw4_0.0.20120101+git-2+deb7u1_amd64.deb
d68770478c58e850ab2aba1fc4585f6e88e0f9cd 16272 python-fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
32bb6fc0cd441f3cd5e0387951c3bde27461e5e7 7716060 fontforge-dbg_0.0.20120101+git-2+deb7u1_amd64.deb
Checksums-Sha256:
bc91bcd59a28147d49f2610736db233d42f484a31213e77f591b84b02610375f 2921 fontforge_0.0.20120101+git-2+deb7u1.dsc
f19454066bbd152e961e9bf9a63478739c1fa5fc8eda98353d583b887d52c7b7 6794037 fontforge_0.0.20120101+git.orig.tar.gz
9f1b1316f3664d7094fbc38c9f64a8c5a9d7e1ab031608109ae6bdf532440f5c 21827 fontforge_0.0.20120101+git-2+deb7u1.debian.tar.gz
de5fe5eb2b24e80eacdf5a12fe9ce1532f86e71aec95dafb4207d696f98fc743 2577868 fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
7bb1b829e66a4756b0960bbae51201ee5fc1408ebd6b7c1899a75142168a7206 1448154 fontforge-nox_0.0.20120101+git-2+deb7u1_amd64.deb
fbbbca2f1b06a9b0c1c31c07448a5e09694c2223411d60960a9d486447e80c4e 133548 libfontforge-dev_0.0.20120101+git-2+deb7u1_amd64.deb
61feb599068b3b4fe1406ce325d5ba18f0757a391697e7e6d38f22ac89a6663d 2672786 libfontforge1_0.0.20120101+git-2+deb7u1_amd64.deb
c482e05155bb607328a7afdc64255b8a3adaf1b2a15c8158981b93303bd963c3 380288 libgdraw4_0.0.20120101+git-2+deb7u1_amd64.deb
95b0cb4eac4ca0bb2f2f5ba22d3c9f345c032fe3cb919f236fd1bea8c3594be3 16272 python-fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
6c89514ffb84e671a7536987a24d705a6d263e11fe1d2d83dd3bca927b6d3c3b 7716060 fontforge-dbg_0.0.20120101+git-2+deb7u1_amd64.deb
Files:
c86ae1c1900caf48abca06cafd5be702 2921 fonts optional fontforge_0.0.20120101+git-2+deb7u1.dsc
c2f3994211179e28785aac92e45f6961 6794037 fonts optional fontforge_0.0.20120101+git.orig.tar.gz
dcd4742e90d523a7fc6238a45d4ac33f 21827 fonts optional fontforge_0.0.20120101+git-2+deb7u1.debian.tar.gz
716e1e72551ea8b8893954b270434733 2577868 fonts optional fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
76e3a4f4159df43d992814591346dfb3 1448154 fonts optional fontforge-nox_0.0.20120101+git-2+deb7u1_amd64.deb
aa7f3e12310e84e25f4642f803d5a018 133548 libdevel optional libfontforge-dev_0.0.20120101+git-2+deb7u1_amd64.deb
2650789f4bd58e3d546664a0142bab73 2672786 libs optional libfontforge1_0.0.20120101+git-2+deb7u1_amd64.deb
a18c5dfca773763c11a26bdeee8373b8 380288 libs optional libgdraw4_0.0.20120101+git-2+deb7u1_amd64.deb
88b9b762facae8b826023f10ef98dc21 16272 python optional python-fontforge_0.0.20120101+git-2+deb7u1_amd64.deb
33df1ca986cb4be39d7e527724826362 7716060 debug extra fontforge-dbg_0.0.20120101+git-2+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlmhiLxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRzzQD/0XZBheSrQY1S/+9GJO0rs2C6WBsE4A
RPs2GBnHHET2nDbvUomLVsvDLgO+l8fRXg6wqMnzsyUkQ9fT64/reOU6BOthDRc+
IaM8yeoqMiLSmzESGXoWH/G8Stk6yXFpXx/Q6bCrr49seFCCV2cwlcXUZU/Vf9rg
FzTpUTAz/9BjU/0A3s4HkZv/P8qTiJvx9bVud+KR72ZUwBG5x2Vg38i6ysoIJUo9
2qh0xAfuEGDR9Z87us02ewkshFJCZ59F1su8+UI1pN7Np3bfRXplC0XsxueOzmor
8hbcqT/8xpwdh3l4mcUe9WVk4AKq786pnRB/N+y6WIUBX68zTqG7q3Ba8vDv167d
PFVx9JgVonDrLvW+Uj+E1ZuBYdsqAo75g/mUB/mGZXx3FdymtYXeUVuC4CXjx+vV
f+YJqjtYZVG57AV27R3PYTwIHaJ6VjtbGeQb7DykYJiY7g6Wnujyd524zlhZqpKJ
O8C4EsFyyY5Ahkwbe6E2xjeDu4x//Pg1aqXC4BT5WaGIctfbEg+4xSNl8m0Ait6Q
IT5bjIVLmK2oBDjbiyH4kgWvn0W9YAo17jcHjLRdcobRCOp0pOJkgw3UrF59rkBT
d/1gVhIkWMt/cpfE2dM3Vr8Gm72YDqOlYoQ+Kmj2RgpNJGycDfCT3T+jn3ovv5eV
ptGlGAo5QkP9iw==
=MsmA
-----END PGP SIGNATURE-----
More information about the Pkg-fonts-bugs
mailing list