-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 14 Jan 2012 21:55:47 +0100 Source: t1lib Binary: libt1-5 libt1-dev t1lib-bin libt1-doc libt1-5-dbg Architecture: kfreebsd-i386 Version: 5.1.2-3+squeeze1 Distribution: squeeze-security Urgency: high Maintainer: kfreebsd-i386 Build Daemon (field) Changed-By: Yves-Alexis Perez Description: libt1-5 - Type 1 font rasterizer library - runtime libt1-5-dbg - Type 1 font rasterizer library - debugging runtime libt1-dev - Type 1 font rasterizer library - development libt1-doc - Type 1 font rasterizer library - developers documentation t1lib-bin - Type 1 font rasterizer library - user binaries Closes: 652996 Changes: t1lib (5.1.2-3+squeeze1) stable-security; urgency=high . * Non-maintainer upload by the Security Team. * debian/patches: - CVE-2010-2642 added, fix heap-based buffer overflow first found in evince but applicable to the embedded afmparse library found in t1lib too. Fixes CVE-2011-0433 too on the same patch. - CVE-2011-0764 added, fix arbitrary code execution by only using ppoints when it is a valid pointer. closes: #652996 This fixes CVE-2011-0764, CVE-2011-1552, CVE-2011-1553 and CVE-2011-1554 * format-string added, fix a format string error IfTrace0 macro and another in T1_SubfsetFont(). Checksums-Sha1: db934888a9efcf18e1d58302608548488afeda72 154202 libt1-5_5.1.2-3+squeeze1_kfreebsd-i386.deb 9c00ab0b547e15216ae9cc8f5d431ad53984615d 175164 libt1-dev_5.1.2-3+squeeze1_kfreebsd-i386.deb bc6d47487cfac8cf5ce8ddba353f3979971b496a 57472 t1lib-bin_5.1.2-3+squeeze1_kfreebsd-i386.deb fe93c8957544c02df09084f2c50d8f658cdc0c5b 203450 libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-i386.deb Checksums-Sha256: d6551806a58668f49460317f1de54120b2ea7599449a6a25996410c1f00d2868 154202 libt1-5_5.1.2-3+squeeze1_kfreebsd-i386.deb 0eb427580da05bfce6557cef23b9621e7b5df664a7fc35a9e5502ecacb6ef820 175164 libt1-dev_5.1.2-3+squeeze1_kfreebsd-i386.deb 51a49761fb2df6cebec6061981f587650d1e883f011e1645001243d045fb23ca 57472 t1lib-bin_5.1.2-3+squeeze1_kfreebsd-i386.deb 2d11d3ed0b892b40c88f14b4b71bb271c0f758ebd60b0dc63aa908afd7805c83 203450 libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-i386.deb Files: 8fa632128f7e5075995c63087c5f377e 154202 libs optional libt1-5_5.1.2-3+squeeze1_kfreebsd-i386.deb 6f75b312af06589ff5c2c6e7b3eb24af 175164 libdevel optional libt1-dev_5.1.2-3+squeeze1_kfreebsd-i386.deb 027888e060cd3d5262f0223782d37b66 57472 misc optional t1lib-bin_5.1.2-3+squeeze1_kfreebsd-i386.deb b5b40e362a3e802bbadc46aab34b59da 203450 libdevel extra libt1-5-dbg_5.1.2-3+squeeze1_kfreebsd-i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/kFreeBSD) iQIcBAEBAgAGBQJPEphBAAoJEEzv3ERlujMcHP8QAKQ73vhDy2YtOHsIosF2Spi8 TGGq68m1P8es+uAvXFP6iwVnKmhJLTV/uAR0nTZa9TLm6JcFz+SqAsxcQfuaAovp gnkNYUYMuob6yx7buzWIoK0lRD4TagJsWOqGRUqCF2hysIbrtPD91bKPp5AHVXUc V/hFpWOdLZVHcHQBjnkQ8y/qGYsGgWzEFB6gtCgpm00sk2YgpBAREBySKwxIMeTs zQPVJ7HW/a+aNnHfAkfV1y3I0EWIc4czPjj8Bqp42C+KUHznt0A4sAFH5UxP0sqh U64DtjFM1idULKJgMMnbBjAzsCNnS5vOr7d6vuSikkFJFLbrsM5BLO49aNj6t7WB s8VpSpJogfe8oaq78GODismy+MMaMAz1u999OhBQfLvqrX/hx6E1hR6sn6ZJ7pU1 i2DmwYoL0TI5k+iHLaavObsA7vIOdP2I6jHXJ44Yhb94gDoMyqsuljCJJXEdnbGF iH94cUxIo3Ou9gMYT6kGbGCEJPHuONfO+/HCvZ+zYh3Iq2xF00OJzCJSk56vezuA I/13JvInbNpA88+oKf2/sJ/GUT+17cgxt2Za1kpU5VAxQHwUyAJ+0Nm4EzuAXLvT afsOl6GDtFQ3hUBcvVD0AuRoiUS1gpPxdtkRx5fDk3xq4t5fSPDJpCpjo5V3NtLB l1sYz7v+0uSmGHL2+S0A =Tvqz -----END PGP SIGNATURE-----