-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Jan 2012 21:55:47 +0100 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: ia64 Version: 5.1.2-3+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: ia64 Build Daemon (alkman) Changed-By: Yves-Alexis Perez Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Closes: 652996 Changes: t1lib (5.1.2-3+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2010-2642 added, fix heap-based buffer overflow first found in evince but applicable to the embedded afmparse library found in t1lib too. Fixes CVE-2011-0433 too on the same patch. - CVE-2011-0764 added, fix arbitrary code execution by only using ppoints when it is a valid pointer. closes: #652996 This fixes CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 * format-string added, fix a format string error IfTrace0 macro and another in T1_SubfsetFont(). Checksums-Sha1: fec175d2881eb346c88c0779524cd28f3beb3335 247824 libt1-5_5.1.2-3+squeeze1_ia64.deb c889a0e2418a1423fc33cc26e2a04d62c8d2d97f 298804 libt1-dev_5.1.2-3+squeeze1_ia64.deb db705c51917bfd15719b0c43ea6e50fd7611cdd1 71328 t1lib-bin_5.1.2-3+squeeze1_ia64.deb 30f82a432341fd4838e2b31ba5761753c1b776c1 227850 libt1-5-dbg_5.1.2-3+squeeze1_ia64.deb Checksums-Sha256: 74dbb400c28ef93159725342d19cc307866bea36466e1c54d8b695bc39cfd269 247824 libt1-5_5.1.2-3+squeeze1_ia64.deb c1329260f3e13275348c8e39ea986cbcbb4f95b50a99beb6b192c1ea726048d5 298804 libt1-dev_5.1.2-3+squeeze1_ia64.deb 8b49df8abd70beca762535dd93c3cd751e5d9cf6dd8c8ead0e9150ba0a90d2f0 71328 t1lib-bin_5.1.2-3+squeeze1_ia64.deb 6ab552d4fc4d3af543ca87ed2279928ab55a34bf9aba96165c73a3ff9cb48612 227850 libt1-5-dbg_5.1.2-3+squeeze1_ia64.deb Files: f5a3464c1068567dd18d59a3ee84ca6f 247824 libs optional libt1-5_5.1.2-3+squeeze1_ia64.deb fca977b9dfd33e6935c39841c97d104a 298804 libdevel optional libt1-dev_5.1.2-3+squeeze1_ia64.deb ca5371bbfb8339111dfaa93892c4b47c 71328 misc optional t1lib-bin_5.1.2-3+squeeze1_ia64.deb f216682ddaf65f6601f9feb802843980 227850 libdevel extra libt1-5-dbg_5.1.2-3+squeeze1_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJPEpfiAAoJEEvpbjz8HoZo2ZQP/2/gLDrD0X0gW3IQS/jR24cc ZbnA05fr0vdy8lsIVWdX1SAGX0OyyeUYl6ePTZaqEj0R6klnjcwZlCvBu88Tryqt YsqmYf1pwlT/GisroxIrPoO3lTcHdXQdf7l4VuOSCEzCL79xmiX80Hm3j+gn2a2E 6Ws9F1N5jlhY25L73Kh2EMA0x8INh4UfklUbNwSbLWiEVh92IdRQLlMIDSkOGJhW MTssJEWjZrEFjr7sVmHEQX5ifPp3XSayrtAm+F/KmpaGGj8BO9pmPXeZsEFpidQU 8TcXYMQ2YMKvKHUccMTurL81E5efNTC2S3HqS5frn3HRak/EbOZHKPE6Y2/QEXMj 6eH19BFkkoqbzQ7lnMBvh/X59XH5PT/2yp4pqYgfn2wTO2gbkAy93uRRk9s4wg3w koy1jwXrFYPQPzKWlJZbGwO2iXKHXsCfvwRyEkLCuO6V1r4UgmT4hzGPLNifKVbe XJs9lJiB8v+eSc8ABfAcIqHaS8nSF6FdOGg4gDYqHl8NQgqCQqgh3RhjAzLb9JUS H1GCd+CSgn9b4QN1HKUVrT5cue4dRPPZ16hGJ4ErhSvGXZKI6c1WsKiVGBrN7z1q ceAYdFB8Wqjo7qLGS8PB/yqZEbYEQ3kWl9/GooR5KI6AhWlBuOCebTamSflwkLaS Shi1qz/ir8oAGqx+7Iff =Mbtr -----END PGP SIGNATURE-----