UbuntuUpdates.org

Package "t1lib"

Name: t1lib

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Type 1 font rasterizer library - runtime
  • Type 1 font rasterizer library - debugging runtime
  • Type 1 font rasterizer library - development
  • Type 1 font rasterizer library - developers documentation
Latest version: 5.1.2-3.4ubuntu1
Release: precise (12.04)
Level: base
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "t1lib" in Precise

Repository Area Version
base universe 5.1.2-3.4ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.1.2-3.4ubuntu1 2012-01-18 01:02:56 UTC

t1lib (5.1.2-3.4ubuntu1) precise; urgency=low

  * SECURITY UPDATE: fix denial of service via oversized fonts
    - debian/patches/CVE-2011-1552_1553_1554.patch: add additional tests to
      address remaining crashes
    - CVE-2011-1552
    - CVE-2011-1553
    - CVE-2011-1554
  * SECURITY UPDATE: fix heap-based buffer overflow via AFM font parser
    - update debian/patches/series to apply CVE-2010-2642.patch which was
      mistakenly not updated in 5.1.2-3.4
    - CVE-2010-2642
    - CVE-2011-0433

 -- Jamie Strandboge Tue, 17 Jan 2012 14:49:38 -0600
Source diff to previous version
CVE-2011-1552 t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to caus
CVE-2011-1553 Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial
CVE-2011-1554 Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (
CVE-2010-2642 ["RESERVED"]
CVE-2011-0433 linetoken() buffer overflow

Version: 5.1.2-3.4 2012-01-17 22:02:41 UTC

t1lib (5.1.2-3.4) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * debian/patches:
    - CVE-2010-2642 added, fix heap-based buffer overflow first found in
      evince but applicable to the embedded afmparse library found in t1lib
      too. Fixes CVE-2011-0433 too on the same patch.

 -- Yves-Alexis Perez Sun, 15 Jan 2012 13:47:26 +0100
Source diff to previous version
CVE-2010-2642 ["RESERVED"]
CVE-2011-0433 linetoken() buffer overflow

Version: 5.1.2-3ubuntu3 2011-12-21 17:03:30 UTC

t1lib (5.1.2-3ubuntu3) precise; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted Type 1 font
    - lib/type1/type1.c: Only use ppoints when it is a valid pointer
    - CVE-2011-0764

 -- Tyler Hicks Mon, 19 Dec 2011 11:24:15 -0600
CVE-2011-0764 t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which


About   -   Send Feedback to @ubuntu_updates