From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2070-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : freetype
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527

Robert Swiecki discovered several vulnerabilities in the FreeType font
library, which could lead to the execution of arbitrary code if a
malformed font file is processed.

Also, several buffer overflows were found in the included demo programs.


For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny2.

For the unstable distribution (sid), these problems have been fixed in
version 2.4.0-1.

We recommend that you upgrade your freetype packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc
Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz
Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb
Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb
Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb
Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb
Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1

arm architecture (ARM)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb
Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb
Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb
Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb
Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb
Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb
Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb
Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)