Bug#1064967: fontforge DSA (was: Re: Bug#1064967: fontforge: diff for NMU version 1:20230101~dfsg-1.1)
Hi Adrian,
On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote:
> On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote:
> > Hi Adrian,
>
> Hi Salvatore,
>
> > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote:
> > > Control: tags 1064967 + patch
> > > Control: tags 1064967 + pending
> > >
> > > Dear maintainer,
> > >
> > > I've prepared an NMU for fontforge (versioned as 1:20230101~dfsg-1.1) and
> > > uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it.
> > >
> > > @Security team:
> > > If wanted, I could afterwards also prepare (pu or DSA) updates for
> > > bookworm and bullseye.
> >
> > We came to the conclusion that it warrants a DSA. Could you prepare
> > debdiffs for bookworm-security and bulseye-security?
>
> the debdiffs are attached.
>
> Tested on both releases with the PoCs from [1] and that opening a normal
> compressed font still works.
Thanks for the debdiffs and providing as well the done testing
background.
Please do upload to security-master (both will need to be built with
-sa).
Regards,
Salvatore
Reply to: