UbuntuUpdates.org

Package "libt1-5-dbg"

Name: libt1-5-dbg

Description:

Type 1 font rasterizer library - debugging runtime
Latest version: 5.1.2-3.4ubuntu1
Release: precise (12.04)
Level: base
Repository: main
Head package: t1lib
Homepage: ftp://sunsite.unc.edu/pub/Linux/libs/graphics/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libt1-5-dbg"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libt1-5-dbg" in Precise

No other version of this package is available in the Precise release.

Changelog

Version: 5.1.2-3.4ubuntu1 2012-01-18 01:02:56 UTC

t1lib (5.1.2-3.4ubuntu1) precise; urgency=low

  * SECURITY UPDATE: fix denial of service via oversized fonts
    - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests to
      address remaining crashes
    - CVE-2011-1552
    - CVE-2011-1553
    - CVE-2011-1554
  * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser
    - update debian/patches/series to apply CVE-2010-2642.patch which was
      mistakenly not updated in 5.1.2-3.4
    - CVE-2010-2642
    - CVE-2011-0433

 -- Jamie Strandboge Tue, 17 Jan 2012 14:49:38 -0600
Source diff to previous version
CVE-2011-1552 t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to caus
CVE-2011-1553 Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial
CVE-2011-1554 Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (
CVE-2010-2642 ["RESERVED"]
CVE-2011-0433 linetoken() buffer overflow

Version: 5.1.2-3.4 2012-01-17 22:02:41 UTC

t1lib (5.1.2-3.4) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2010-2642 added, fix heap-based buffer overflow first found in
      evince but applicable to the embedded afmparse library found in t1lib
      too. Fixes CVE-2011-0433 too on the same patch.

 -- Yves-Alexis Perez Sun, 15 Jan 2012 13:47:26 +0100
Source diff to previous version
CVE-2010-2642 ["RESERVED"]
CVE-2011-0433 linetoken() buffer overflow

Version: 5.1.2-3ubuntu3 2011-12-21 17:03:30 UTC

t1lib (5.1.2-3ubuntu3) precise; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - lib/type1/type1.c: Only use ppoints when it is a valid pointer
    - CVE-2011-0764

 -- Tyler Hicks Mon, 19 Dec 2011 11:24:15 -0600
CVE-2011-0764 t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which


About   -   Send Feedback to @ubuntu_updates