[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Update of the backported freetype package


* Salvatore Bonaccorso <carnil@debian.org> [2013-01-07 17:49:24 CET]:
> I noticed you backported freetype for the last version. There was a
> update via t-p-u for Wheezy:
>     [SECURITY] CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
>     (Closes: #696691)
>     [SECURITY] CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
>     (Closes: #696691)
>     [SECURITY] CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.
>     (Closes: #696691)
> Would it be possible to prepare an updated backport for freetype?
> Might need also a BSA number for this? (not sure as it's not a grave 

 If you want to prepare a BSA, please use 078 for it.

 In general - I'm terrible sorry that I didn't approve any BSA over the
last few weeks.  One part of my new year's resolution is to increase my
throughput and respond more timely to these things, and I've started
with improving the way I process mails. :)

Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to: