[SECURITY] [DSA 2253-1] fontforge security update

2011-06-0319:42:34

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.166 Low

EPSS

Percentile

96.0%

JSON

Debian Security Advisory DSA-2253-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
June 3, 2011 http://www.debian.org/security/faq

Package : fontforge
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-4259
Debian Bug : 605537

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge,
a font editor. When processed a crafted Bitmap Distribution Format (BDF)
FontForge could crash or execute arbitrary code with the privileges of
the user running FontForge.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.0.20080429-1+lenny2.

For the stable distribution (squeeze), testing distribution (wheezy),
and unstable distribution (sid) are not affected by this problem.

We recommend that you upgrade your fontforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5alphapython-fontforge< 0.0.20080429-1+lenny2python-fontforge_0.0.20080429-1+lenny2_alpha.deb
Debian5s390python-fontforge< 0.0.20080429-1+lenny2python-fontforge_0.0.20080429-1+lenny2_s390.deb
Debian5armfontforge< 0.0.20080429-1+lenny2fontforge_0.0.20080429-1+lenny2_arm.deb
Debian5amd64fontforge< 0.0.20080429-1+lenny2fontforge_0.0.20080429-1+lenny2_amd64.deb
Debian5sparcpython-fontforge< 0.0.20080429-1+lenny2python-fontforge_0.0.20080429-1+lenny2_sparc.deb
Debian5armelfontforge< 0.0.20080429-1+lenny2fontforge_0.0.20080429-1+lenny2_armel.deb
Debian5mipsfontforge< 0.0.20080429-1+lenny2fontforge_0.0.20080429-1+lenny2_mips.deb
Debian5powerpcfontforge< 0.0.20080429-1+lenny2fontforge_0.0.20080429-1+lenny2_powerpc.deb
Debian5armpython-fontforge< 0.0.20080429-1+lenny2python-fontforge_0.0.20080429-1+lenny2_arm.deb
Debian5allfontforge-doc< 0.0.20080429-1+lenny2fontforge-doc_0.0.20080429-1+lenny2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	alpha	python-fontforge	< 0.0.20080429-1+lenny2	python-fontforge_0.0.20080429-1+lenny2_alpha.deb
Debian	5	s390	python-fontforge	< 0.0.20080429-1+lenny2	python-fontforge_0.0.20080429-1+lenny2_s390.deb
Debian	5	arm	fontforge	< 0.0.20080429-1+lenny2	fontforge_0.0.20080429-1+lenny2_arm.deb
Debian	5	amd64	fontforge	< 0.0.20080429-1+lenny2	fontforge_0.0.20080429-1+lenny2_amd64.deb
Debian	5	sparc	python-fontforge	< 0.0.20080429-1+lenny2	python-fontforge_0.0.20080429-1+lenny2_sparc.deb
Debian	5	armel	fontforge	< 0.0.20080429-1+lenny2	fontforge_0.0.20080429-1+lenny2_armel.deb
Debian	5	mips	fontforge	< 0.0.20080429-1+lenny2	fontforge_0.0.20080429-1+lenny2_mips.deb
Debian	5	powerpc	fontforge	< 0.0.20080429-1+lenny2	fontforge_0.0.20080429-1+lenny2_powerpc.deb
Debian	5	arm	python-fontforge	< 0.0.20080429-1+lenny2	python-fontforge_0.0.20080429-1+lenny2_arm.deb
Debian	5	all	fontforge-doc	< 0.0.20080429-1+lenny2	fontforge-doc_0.0.20080429-1+lenny2_all.deb