[SECURITY] [DLA 256-1] t1utils security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 256-1] t1utils security update
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Mon, 29 Jun 2015 13:07:07 +0200
Message-id: <[🔎] 20150629110707.GA23871@nomada>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : t1utils
Version        : 1.36-1+deb6u1
CVE ID         : CVE-2015-3905
Debian Bug     : 779274

Jakub Wilk found a vulnerability in the Type 1 font manipulation
programs, t1utils:

CVE-2015-3905

    Buffer overflow in the set_cs_start function in t1disasm.c in t1utils
    before 1.39 allows remote attackers to cause a denial of service (crash)
    and possibly execute arbitrary code via a crafted font file.

For Debian 6 "Squeeze", this issue has been fixed in t1utils version
1.36-1+deb6u1.

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: [SECURITY] [DLA 255-1] cacti security update
Next by Date: [SECURITY] [DLA 257-1] libwmf security update
Previous by thread: [SECURITY] [DLA 255-1] cacti security update
Next by thread: [SECURITY] [DLA 257-1] libwmf security update
Index(es):
- Date
- Thread