[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#859625: unblock: freetype/2.6.3-3.1



Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package freetype
> 
> The update fixes CVE-2016-10244, tracked as #856971.
> 
> The parse_charstrings function in does not ensure that a font contains
> a glyph name, which allows remote attackers to cause a denial of
> service via a crafted file.
> 
> Does not warrant a DSA for stable, but would be nice to have it
> already fixed for stretch.
> 
> Needs a d-i 'ack' if accepted.
> 
> unblock freetype/2.6.3-3.1
> 
> Attached debdiff against the version in stretch.
> 
> Regards,
> Salvatore
> 
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels


Reply to: