[Technik] [SECURITY] [DSA 1334-1] New freetype packages fix arbitrary code execution
Noèl Köthe
noel at debian.org
Fri Jul 27 08:35:28 CEST 2007
On Wednesday, 18.07.2007, at 21:18 +0100, Steve Kemp wrote:
> Debian Security Advisory DSA-1334 security at debian.org
> http://www.debian.org/security/ Steve Kemp
> July 18th, 2007
>
> Package : freetype
> Vulnerability : integer overflow
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-2754
> Debian Bug : 425625
freetype has been updated on h01, h02, h03, h04 and cupa.
> For the old stable distribution (sarge), this problem has been fixed in
> version 2.1.7-8.
changelog:
freetype (2.1.7-8) oldstable-security; urgency=high
* debian/patches-freetype/500-CVE-2007-2754_ttgfload.diff: address
CVE-2007-2754, a bug allowing execution of arbitrary code via a crafted
TTF image by way of an integer overflow. Closes: #425625.
-- Steve Langasek <vorlon at debian.org> Mon, 09 Jul 2007 01:39:14 -0700
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org