Sign me up Login

Details about package freetype

Name:	freetype (PTS)
Uploader:	Hugh McMaster <hugh.mcmaster@outlook.com> (Debian QA page)
Description:	libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files freetype2-demos - FreeType 2 demonstration programs libfreetype6-udeb - FreeType 2 font engine for the debian-installer

Package uploads

Upload #1

Information

Version:	2.6.3-3.2+deb9u3
Uploaded:	2022-05-09 14:14
Source package:	freetype_2.6.3-3.2+deb9u3.dsc
Distribution:	stretch
Section:	libs
Priority:	optional
Homepage:	http://www.freetype.org
Closes bugs:	#1010183

Changelog

 freetype (2.6.3-3.2+deb9u3) stretch; urgency=medium
 .
   * Add upstream patches to fix multiple vulnerabilities. Closes: #1010183.
     - CVE-2022-27404: heap buffer overflow via invalid integer decrement in
       sfnt_init_face().
     - CVE-2022-27405: segmentation violation via ft_open_face_internal() when
       attempting to read the value of FT_LONG face_index.
     - CVE-2022-27406: segmentation violation via FT_Request_Size() when
       attempting to read the value of an unguarded face size handle.

QA information

–
Package uses debhelper

Debhelper compatibility level 9
–
Watch file is not present
–
Package is not native

format: 1.0 (no format file)
–
The uploader is not in the package's "Maintainer" or "Uploaders" fields
User email

hugh.mcmaster@outlook.com

"Maintainer" email

vorlon@debian.org

"Uploaders" emails
- foka@debian.org
- keithp@keithp.com
–
Package has lintian warnings
freetype source
- W missing-debian-source-format
- W no-nmu-in-changelog
- W package-uses-deprecated-debhelper-compat-version
  - 9
- W superfluous-file-pattern
  - debian/copyright freetype-*/src/bdf/* (Files, line 43)
  - debian/copyright freetype-*/src/gzip/* (Files, line 31)
  - debian/copyright freetype-*/src/gzip/ftgzip.c (Files, line 35)
  - debian/copyright freetype-*/src/pcf/* (Files, line 43)
  - debian/copyright freetype-*/src/pcf/pcfutil.c (Files, line 48)
  - debian/copyright freetype-*/src/tools/ftrandom/ftrandom.c (Files, line 39)
  - debian/copyright freetype-*/vms_make.com (Files, line 27)
- I binary-control-field-duplicates-source
  - field "Section" in package libfreetype6
- I debian-rules-parses-dpkg-parsechangelog
  - (line 25)
  - (line 26)
- I debian-watch-file-is-missing
- I older-source-format
  - 1.0
- I out-of-date-standards-version
  - 3.9.7 (released 2016-02-01) (current is 4.6.0.1)
- P co-maintained-package-with-no-vcs-fields
- P insecure-copyright-format-uri
  - debian/copyright http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
- P silent-on-rules-requiring-root
- P trailing-whitespace
  - debian/changelog (line 571)
  - debian/changelog (line 604)
  - debian/changelog (line 621)
  - debian/changelog (line 727)
  - debian/changelog (line 729)
  - debian/changelog (line 746)
  - debian/changelog (line 755)
  - debian/changelog (line 87)
  - debian/control (line 18)
  - debian/control (line 55)
- P xc-package-type-in-debian-control
  - line 74
- X upstream-metadata-file-is-missing
- O quilt-build-dep-but-no-series-file
  - (override comment: two separate series files; not getting fixed without extensive changes upstream)
–
The package's .diff.gz does not modify files outside of debian/
–
Package closes bugs in a wrong way
Errors:
- Bug #1010183 is closed
- src:freetype:
  - #1010183 (Important): freetype: CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
–
No VCS field present
–
Package is already in Debian
- The package uploader is currently maintaining freetype in Debian
- Last upload was on the 2022-05-08
–
d/copyright is in DEP5 format

author: freetype-devel@nongnu.org

licenses: OpenGroup-BSD-like, GZip, BSD-3-Clause, Catharon-OSL, GPL-2+ or FTL, BSD-2-Clause

Comments

No comments

author:	freetype-devel@nongnu.org
licenses:	OpenGroup-BSD-like, GZip, BSD-3-Clause, Catharon-OSL, GPL-2+ or FTL, BSD-2-Clause