-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 14 Jan 2012 21:55:47 +0100 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: kfreebsd-amd64 Version: 5.1.2-3+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: kfreebsd-amd64 Build Daemon (fasch) Changed-By: Yves-Alexis Perez Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Closes: 652996 Changes: t1lib (5.1.2-3+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2010-2642 added, fix heap-based buffer overflow first found in evince but applicable to the embedded afmparse library found in t1lib too. Fixes CVE-2011-0433 too on the same patch. - CVE-2011-0764 added, fix arbitrary code execution by only using ppoints when it is a valid pointer. closes: #652996 This fixes CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 * format-string added, fix a format string error IfTrace0 macro and another in T1_SubfsetFont(). Checksums-Sha1: 7300485b3fdc3a169f65f5856e3d372a585e6212 171612 libt1-5_5.1.2-3+squeeze1_kfreebsd-amd64.deb 3d539bcf8a62cc0b0b5af8309fefbe913ca53214 197982 libt1-dev_5.1.2-3+squeeze1_kfreebsd-amd64.deb 910a0ce15c4fe71e0181c24e5717a0366f097808 61516 t1lib-bin_5.1.2-3+squeeze1_kfreebsd-amd64.deb 9e9410039c43e39a23fe84e6860485dd937d8d44 216510 libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-amd64.deb Checksums-Sha256: c62721432b6c6ccb027fc487401fa20d50ad2edff0dbc6ef1c6196675991b2fa 171612 libt1-5_5.1.2-3+squeeze1_kfreebsd-amd64.deb d1a94e44bea6900bb1e5d0154505159d1413d8e235ea21ebb668bb0891bfaeb4 197982 libt1-dev_5.1.2-3+squeeze1_kfreebsd-amd64.deb 54d3a0239c1c94500bd7d0c36d52b5660ef64427c0e5bf36234433498f9dd67a 61516 t1lib-bin_5.1.2-3+squeeze1_kfreebsd-amd64.deb 7e4eb82160123265b5931ccf9c50ed463fe72f9b328eedee61dc758ca3938ec3 216510 libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-amd64.deb Files: ce85990df20baae644a6bc6ef985bf13 171612 libs optional libt1-5_5.1.2-3+squeeze1_kfreebsd-amd64.deb 421494cbc8b9e00d4430f7d72243178f 197982 libdevel optional libt1-dev_5.1.2-3+squeeze1_kfreebsd-amd64.deb 9aa80ea3111cee63898675730ba8d317 61516 misc optional t1lib-bin_5.1.2-3+squeeze1_kfreebsd-amd64.deb 67b601ce811a9081814fc3427704fb11 216510 libdevel extra libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/kFreeBSD) iQIcBAEBAgAGBQJPEpfuAAoJELV0nKsIaKwSVjIP/jyzH6kjSrCF6OT4twZxDzeo 7VJE9C4VHNACwcCd/1Ys/ZyBkgZq1GZzLdgz1UEHZhXwLnyM4jBpacjzPG9NgnXK +XmgplOk/WfXAHqK6V7Y8d4CaOZI3atAemoGdnRgbkO07jhVOipNKaGGquglvNIc +NmuH3umPDE+7RsBSkvo978dSPY3LZgy1pwL3N8XyV3hMjJ/7IWYZJ2z+gK2WH/X 4vYfKuYCmKywX+4s39wopn73SL6/E4p3ay3hAFtOoSnpEaOWeSRV8BgwJews/CNQ AgiHGIV9iaSES/4DQ8ZhynVwXXkv7KKd+DKkdf7ry8J0W262hK/nVbI70a/NdHp0 JGbHqz+g4rWfN/lyKFlAMz7eIAztzt7LjeKgF+4vZl8JqKK4LjjM1Hel7VrNCkdh wQ3qevCp42z526nlT/8Um7F+YHiSL5wGrPUvJYOm9JkswwdSSc6JJCdHZNPy4VNu sSbGCWJ8JUwEs+1prRJ9pqTb5nJ+pJz1sq9QzqSoByomus2bBaYYKTc/Y08omXFl /j+GVkhsZkBa5jofQCWMY5LTT7vjPKCOlq4NjRI22t8Xhwn+iPT/fKIJGVYCG/8W xZsF20+tOM+Z9KGmPtutDC7USm+pB4U0gYbJKlZ3UdDGBbfYy/DZuL4kEwtiobE7 6SFkErpJnQmH6VTH/Ibd =0Fpf -----END PGP SIGNATURE-----