-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Jan 2012 21:55:47 +0100 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: armel Version: 5.1.2-3+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: armel Build Daemon (alwyn) Changed-By: Yves-Alexis Perez Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Closes: 652996 Changes: t1lib (5.1.2-3+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2010-2642 added, fix heap-based buffer overflow first found in evince but applicable to the embedded afmparse library found in t1lib too. Fixes CVE-2011-0433 too on the same patch. - CVE-2011-0764 added, fix arbitrary code execution by only using ppoints when it is a valid pointer. closes: #652996 This fixes CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 * format-string added, fix a format string error IfTrace0 macro and another in T1_SubfsetFont(). Checksums-Sha1: b1f32e9e4f9c366999db7ad059e9de274549cb51 169770 libt1-5_5.1.2-3+squeeze1_armel.deb b2578f529ff4f5ac6a8d49a227ee9dd0b1d8564e 181992 libt1-dev_5.1.2-3+squeeze1_armel.deb dd0858f77b920a7a31d0c2f136eb151acffb81b7 65690 t1lib-bin_5.1.2-3+squeeze1_armel.deb 9a5e155e15810dcd543e8703b66ca6fc222db5b0 209226 libt1-5-dbg_5.1.2-3+squeeze1_armel.deb Checksums-Sha256: c80476ec2847d855f2e950c3c37aa108ba8e3c97571c74f633648267abcb2fad 169770 libt1-5_5.1.2-3+squeeze1_armel.deb 1d218737837d534970f42c6245da1d8f3957bd71e0ba7ce9df8e687f8500af90 181992 libt1-dev_5.1.2-3+squeeze1_armel.deb 9b6dc2fffaec38708d42921b4aaabe79b01ba652a0e3e89dace2c08fbc93be97 65690 t1lib-bin_5.1.2-3+squeeze1_armel.deb 81a991532f8daa61dc75bea263eb427056ddad422387a90472189d391c5435a8 209226 libt1-5-dbg_5.1.2-3+squeeze1_armel.deb Files: 5caac509cc39ebb3d1315c7d06930f00 169770 libs optional libt1-5_5.1.2-3+squeeze1_armel.deb c2e8bdc37722e91dfd0bf6047ea5f80c 181992 libdevel optional libt1-dev_5.1.2-3+squeeze1_armel.deb 83001717a3b83640a800d8737c0c0efd 65690 misc optional t1lib-bin_5.1.2-3+squeeze1_armel.deb 77d0a74f2b2804d2b447e4ef14be8361 209226 libdevel extra libt1-5-dbg_5.1.2-3+squeeze1_armel.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJPEplrAAoJEBRVXZHoMsNVFAEP/RdcX6R0A3J/WouV+eEhcCwg Sz75HvX2DdUyPuwfS/woszhoZCtT2YZ9s4NSFm33e6Q4KJsxLk/cSyNPwSdRVyDr frRf0VXrzu160k0cH/Nq6r3tYS0uoXVa/aEFP2yf795qEscceLfD9PUCSAsFiAVd XvlNMumrXGdT58mY9MghR+BAPC34H0pQQ5QsmO1OSDDvEtnMQ+Mj00yRvPdDufIf PP9K1BtE01rogU8J8WZnkXnwoaF3LSRFH40ie202TAwoVKv0RXpoI89pV/AofRvU Bcmb+J3oJ0kpWt64qNOCRGCXPfSauygSwfO5zobRZ825HjPRa0LyqGhPvHSYoj7e SVDC3o3anDxYenvH28z0Q0tBKc4649uFs4ow5cNx2OU9xq011RJFx9yaH4ns5wN9 6YwIY3GiFpz2Y9WgicGSL7hFT1/Zo0DwaXrhMJr8ALZ/CLsZQ/Itvy4PE05X6AK0 fFL08cqcpZVLE//y+x4kOUlYvioz85aH++SvjLTvmm/BZSztHLO8IlI8dW756Y3r 2yJLFUhFBOeJ1tLaDjk8XSpXnF1UYjskqT3v8IzAWlsyDSf79qwPDH2nNZ4OgHtR L8hbiFv+rkrT8W57JdGaN3C7N44vroXfO5dYUa7+3wtC9IohEJfBGDpVXwRwz9nI JkWjWC7mFiE5O4712bGt =Xmrj -----END PGP SIGNATURE-----