copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2007.0400 -- [UNIX/Linux][Debian] -- New freetype packages fix integer overflow

Date: 19 July 2007
References: ESB-2007.0361  ESB-2008.0019  ESB-2009.0504  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0400 -- [UNIX/Linux][Debian]
                New freetype packages fix integer overflow
                               19 July 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              freetype
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      Debian GNU/Linux 3.1
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2754

Ref:                  ESB-2007.0361

Original Bulletin:    http://www.debian.org/security/2007/dsa-1302
                      http://www.debian.org/security/2007/dsa-1334

Comment: Note that this vulnerability may be exploited via several application
         file formats which contain embedded fonts that are parsed by FreeType.
         
         This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running freetype check for an updated version of the software for
         their operating system.

Revision History:  July 19 2007: Added packages for older debian versions
                      June 12 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1302-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
June 10, 2007
- - ------------------------------------------------------------------------

Package        : freetype (2.2.1-5+etch1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2754
Debian Bug     : 425625


A problem was discovered with freetype, a FreeTyp2 font engine, which
could allow the execution of arbitary code via an integer overflow in
specially crafted TTF files.

For the stable distribution (etch), this problem has been fixed in 
version 2.2.1-5+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.1-6.

We recommend that you upgrade your freetype (2.2.1-5+etch1) package.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.dsc
    Size/MD5 checksum:      798 187a09fa137f44644a826cc561851023
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
    Size/MD5 checksum:  1451392 a584e84d617c6e7919b4aef9b5106cf4
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.diff.gz
    Size/MD5 checksum:    30963 83f454db44bdb8929e0f0381143dc5db

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_alpha.deb
    Size/MD5 checksum:   385008 7d52ba8722e4b357f68abb578b60a52a
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_alpha.deb
    Size/MD5 checksum:   170448 7f2728c29efd7ca024531d8ebf88addc
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_alpha.deb
    Size/MD5 checksum:   732032 116feac33169db3e45c3dc53e4f3157b
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_alpha.udeb
    Size/MD5 checksum:   279204 e62e7644d9d1e22b23e81c6fda87b6d1

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_amd64.deb
    Size/MD5 checksum:   353436 afa12b9f6f0e6bda42de60aa1e019b50
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_amd64.deb
    Size/MD5 checksum:   150526 825c996331a2c0cd274e2b15a8fee7d4
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_amd64.udeb
    Size/MD5 checksum:   248150 f8b87164256e2c6670ab72c07700dbd8
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_amd64.deb
    Size/MD5 checksum:   668724 77394a0182401d64247d41e5877cbe9b

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_arm.deb
    Size/MD5 checksum:   333364 0d7346c0579975150072ce120d99c304
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_arm.deb
    Size/MD5 checksum:   641304 4bb19236147b7dcc902d12ca757d6473
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_arm.deb
    Size/MD5 checksum:   134424 6ea68e623f447fddc5f8cb70a24d6859
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_arm.udeb
    Size/MD5 checksum:   227222 ecc5609d412cf0c093ff11ad678bd5b8

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_hppa.deb
    Size/MD5 checksum:   680184 7e3cb9e8883b4d1f867ca4a540ce809f
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_hppa.deb
    Size/MD5 checksum:   150926 461bcc2b91d791e5f53d0ad9e7f9dbec
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_hppa.udeb
    Size/MD5 checksum:   260406 058fbb02c754707bd01a37bbb0de5a35
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_hppa.deb
    Size/MD5 checksum:   366546 5a6c3b19844f9b1d0275ffae21c87871

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_i386.deb
    Size/MD5 checksum:   341778 f800ba2ee94137591a764136ec71cbd9
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_i386.deb
    Size/MD5 checksum:   641566 d15f9a17fe9b5756026779a9e6639305
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_i386.udeb
    Size/MD5 checksum:   235858 9c5125cd256d1e645470d08d7c73bba5
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_i386.deb
    Size/MD5 checksum:   135254 7fb03ee21e372b7a4602debe961f764a

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_ia64.udeb
    Size/MD5 checksum:   383460 4dcbb0bed034da7c74017e1c730eaae2
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_ia64.deb
    Size/MD5 checksum:   222228 866793358e59a55e71f695b69c4aef1c
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_ia64.deb
    Size/MD5 checksum:   816932 cb592b3c7237b4839c9e540d835a8274
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_ia64.deb
    Size/MD5 checksum:   488868 24c1e3da83b09e14defe70685d7d7545

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mips.udeb
    Size/MD5 checksum:   241570 e9b99262edabeb26811cd4f9ca17e525
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mips.deb
    Size/MD5 checksum:   151484 28b16a6cf6eeee76ceec5938ac8a7cda
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mips.deb
    Size/MD5 checksum:   680518 d7184dbbb1bdc6ad293eef5dc4d98605
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mips.deb
    Size/MD5 checksum:   346636 36abaf52ed32b64c8cd06c2439da8966

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mipsel.deb
    Size/MD5 checksum:   680624 5b7516edcd0b4921beb2ee0c02290102
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mipsel.deb
    Size/MD5 checksum:   150970 c40f00fb7346ceb5029b77d55a62ac28
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mipsel.udeb
    Size/MD5 checksum:   241106 8dbbab1f29502133535bcdbd6a8cf388
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mipsel.deb
    Size/MD5 checksum:   346540 7bfcd60a4ea3f5d5580c2da350358276

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_powerpc.deb
    Size/MD5 checksum:   146690 6c928f9d35183e6e6873a52b620aa0b1
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_powerpc.udeb
    Size/MD5 checksum:   240630 5315a8e1b86e7a93ebbcb30f984305fc
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_powerpc.deb
    Size/MD5 checksum:   661790 283a5c1adff5dc1404bf08c7a6126390
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_powerpc.deb
    Size/MD5 checksum:   345788 4948fad03c1ad9d8fea1a825aa1b605a

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_s390.deb
    Size/MD5 checksum:   355626 5825341b2d4a6cb694ead2c287210934
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_s390.deb
    Size/MD5 checksum:   657010 4169a5f32365bb6c19b31812c82a0bf6
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_s390.deb
    Size/MD5 checksum:   151344 f52143c9d070f6351313358931dc3a98
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_s390.udeb
    Size/MD5 checksum:   249874 65ab48d5fd81670dfd2915db2a2e00c6

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_sparc.udeb
    Size/MD5 checksum:   219654 d1b7c3045b9d86955813bd79398bafdf
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_sparc.deb
    Size/MD5 checksum:   635506 3620350015da5a2b3f99c57c2cdb6b67
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_sparc.deb
    Size/MD5 checksum:   131006 c46976177e1dc1b6b5ef803eb78d8b12
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_sparc.deb
    Size/MD5 checksum:   324968 5a8a7eb0d05cd4c26c1fe26075117c05


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGbADywM/Gs81MDZ0RAuIyAKCB2roP5a2lBoFf49k+j+JR0gy3dQCdGVND
QHLP4ncU5oPtshz4RzKA80Y=
=gcoI
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1334                    security@debian.org
http://www.debian.org/security/                               Steve Kemp
July 18th, 2007
- - ------------------------------------------------------------------------

Package        : freetype
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-2754
Debian Bug     : 425625


A problem was discovered with freetype, a FreeType2 font engine, which
could allow the execution of arbitary code via an integer overflow in
specially crafted TTF files.

For the old stable distribution (sarge), this problem has been fixed in
version 2.1.7-8.

We recommend that you upgrade your freetype package.


Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.diff.gz
    Size/MD5 checksum:    57953 d94a3a7e7575ab5c5aa67d5fc630077d
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.dsc
    Size/MD5 checksum:      754 f04967ca8fffb4340fd8ef716d8fbfb5
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
    Size/MD5 checksum:  1245623 991ff86e88b075ba363e876f4ea58680

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_amd64.deb
    Size/MD5 checksum:    76244 53d4356cfbea6313e1ee0990d2d83b49
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_amd64.udeb
    Size/MD5 checksum:   238290 afadfd7dd3c2a2063826e1116740f04e
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_amd64.deb
    Size/MD5 checksum:   390326 6ed30e4b053950c321e4c2010a8265cc
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_amd64.deb
    Size/MD5 checksum:   723758 231145ee63a527899fea4d049e95b58d

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_arm.deb
    Size/MD5 checksum:   714504 dbe9287cce58eea37c754e8d0a3e7e41
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_arm.udeb
    Size/MD5 checksum:   201950 a7811a90eefb9d9e468ab7e93327bcc2
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_arm.deb
    Size/MD5 checksum:   352948 b3a8d18cde53bee6b5b6840541b999f4
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_arm.deb
    Size/MD5 checksum:    58750 9bea9b63383a79219152946274113d80

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_hppa.deb
    Size/MD5 checksum:    80764 f2233eae737a535cbd3a30093d89bde6
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_hppa.udeb
    Size/MD5 checksum:   256256 45ad964f89b8d1d51e5bca8a446e40c1
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_hppa.deb
    Size/MD5 checksum:   734426 9a831f2c775dd9dae5a237681dedfffb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_hppa.deb
    Size/MD5 checksum:   407518 659cedf86f7e23bbc492bab1049783a3

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_i386.udeb
    Size/MD5 checksum:   212968 df44023a71960bb13e8cbc868a99805c
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_i386.deb
    Size/MD5 checksum:   695068 7e558fc40413ac96d54a6e187619923a
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_i386.deb
    Size/MD5 checksum:   364974 7abd8cdd3d0b864b0f593eb391e95dc8
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_i386.deb
    Size/MD5 checksum:    63184 e6c2ceadaa8a74247d1fe3eb4eead534

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_ia64.deb
    Size/MD5 checksum:   493880 945ff8b8ae11ce35e6dbf53c0068eec7
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_ia64.deb
    Size/MD5 checksum:   843972 e7838653f9bbc9cf243e00f26d435ff6
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_ia64.udeb
    Size/MD5 checksum:   341116 12676831a0ccabb37e6346b8aa063d0a
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_ia64.deb
    Size/MD5 checksum:   102618 86014510edee689b0d570c83a94dea30

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_m68k.deb
    Size/MD5 checksum:   359844 b90a83af3e723062b5f9ab590c67ecda
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_m68k.udeb
    Size/MD5 checksum:   208454 86533c9cd2e94209d04e938042ff25e9
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_m68k.deb
    Size/MD5 checksum:    43856 f00cf40416546eccb2b4d8a1d14b94ff
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_m68k.deb
    Size/MD5 checksum:   678792 1e51d7c3ace5e00736dfe1082665a0aa

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_mipsel.deb
    Size/MD5 checksum:   735756 60e2a76fe143e22ec18e968407efff2b
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_mipsel.deb
    Size/MD5 checksum:   376574 465eeacb3d5069ce4011afe790eec611
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_mipsel.udeb
    Size/MD5 checksum:   224484 747637f4000b1255ed79165f31306e26
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_mipsel.deb
    Size/MD5 checksum:    91516 861bc134ad1e3b8f636c7cb04f920146

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_powerpc.deb
    Size/MD5 checksum:    81972 21c655f4a0f23ac0156a4e647eef3c6b
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_powerpc.udeb
    Size/MD5 checksum:   227788 471baf7fc8deab7573a3874d69eb7fc4
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_powerpc.deb
    Size/MD5 checksum:   379710 6d2395c5493b22950e03ed7076f06053
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_powerpc.deb
    Size/MD5 checksum:   730048 ce12974d2c15211717e33f259baf80de

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_s390.deb
    Size/MD5 checksum:   752418 b760ce325b6248fe570ccf8308e96988
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_s390.deb
    Size/MD5 checksum:   400292 5acc947b96fb8cf2a2b938c9755a9b0a
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_s390.udeb
    Size/MD5 checksum:   248410 b5adecd81d13a3a783d75c3b0e8766ef
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_s390.deb
    Size/MD5 checksum:    76220 a7d6d405020b46a63962f52e1b6eb220

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_sparc.deb
    Size/MD5 checksum:   699932 1547efb201ad609d8bc63bcdb344913e
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_sparc.deb
    Size/MD5 checksum:    68420 39bc0471fa54e84d3aec973146b15019
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_sparc.udeb
    Size/MD5 checksum:   212702 1bc5e538b41f82dc55185d8a25d3199f
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_sparc.deb
    Size/MD5 checksum:   364122 420a5cf5e3886648551f47c6a132971e


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGnnVNwM/Gs81MDZ0RAmbAAKC/T6BWVaJUONgHB1mVcx+oawekmQCeIXPB
SwnW3gwFpkVZOPLkziD4IDs=
=pWYp
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRp7Q3yh9+71yA2DNAQK0qQP/VHCyesAqY8kJXsXx9exuAuHSs8V6dQ5t
cB9zFfcA4jUX77hghAvwg8q79XYvpkbm//japwipyO8hiIQ3Dtobg5hGkNSHwbH9
ylqXlzbBZu6jAGQqfikBNo2YvE23IBzRN7VMnc97lk5nkIG5DCNLEl/DsVfJC9q5
oEMS17pgPQ4=
=XEEw
-----END PGP SIGNATURE-----