Re: [SECURITY] [DLA 918-1] freetype security update

To: Bolesław Tokarski <btokarski@opera.com>
Cc: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 918-1] freetype security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 27 Apr 2017 11:16:04 +0200
Message-id: <[🔎] 20170427091604.GA30401@inutil.org>
In-reply-to: <[🔎] 5681174.NNBnHsykpM@btokarski>
References: <853dcb16-7b78-fddd-29c0-4bad6bea3c7d@debian.org> <[🔎] 5681174.NNBnHsykpM@btokarski>

On Thu, Apr 27, 2017 at 10:55:51AM +0200, Bolesław Tokarski wrote:
> I'm curious to see the version scope/some proof of a particular version not 
> being affected by CVE-2016-10328.

See https://security-tracker.debian.org/tracker/CVE-2016-10328
 
> The reason I'm asking is because I'm maintaining a backport of the jessie 
> 2.5.2-3 to wheezy and it seems that jessie one did not receive any of the 
> mentioned CVE fixes despite the debian-lts team prepared another patch for 
> 2.4.9 already.

CVE-2016-10244 was only scheduled for the next point release due to low
impact, but in the light of the new CVE-2017-8105, it'll be fixed in a DSA
as well.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: [SECURITY] [DLA 918-1] freetype security update
  - From: Bolesław Tokarski <btokarski@opera.com>

References:
- Re: [SECURITY] [DLA 918-1] freetype security update
  - From: Bolesław Tokarski <btokarski@opera.com>

Prev by Date: Re: [SECURITY] [DLA 918-1] freetype security update
Next by Date: Re: [SECURITY] [DLA 918-1] freetype security update
Previous by thread: Re: [SECURITY] [DLA 918-1] freetype security update
Next by thread: Re: [SECURITY] [DLA 918-1] freetype security update
Index(es):
- Date
- Thread