Re: [SECURITY] [DLA 918-1] freetype security update
On Thu, Apr 27, 2017 at 10:55:51AM +0200, Bolesław Tokarski wrote:
> I'm curious to see the version scope/some proof of a particular version not
> being affected by CVE-2016-10328.
See https://security-tracker.debian.org/tracker/CVE-2016-10328
> The reason I'm asking is because I'm maintaining a backport of the jessie
> 2.5.2-3 to wheezy and it seems that jessie one did not receive any of the
> mentioned CVE fixes despite the debian-lts team prepared another patch for
> 2.4.9 already.
CVE-2016-10244 was only scheduled for the next point release due to low
impact, but in the light of the new CVE-2017-8105, it'll be fixed in a DSA
as well.
Cheers,
Moritz
Reply to: