Bug#859625: unblock: freetype/2.6.3-3.1
Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi
>
> Please unblock package freetype
>
> The update fixes CVE-2016-10244, tracked as #856971.
>
> The parse_charstrings function in does not ensure that a font contains
> a glyph name, which allows remote attackers to cause a denial of
> service via a crafted file.
>
> Does not warrant a DSA for stable, but would be nice to have it
> already fixed for stretch.
>
> Needs a d-i 'ack' if accepted.
>
> unblock freetype/2.6.3-3.1
>
> Attached debdiff against the version in stretch.
>
> Regards,
> Salvatore
>
> [...]
Ack from here, CC'ing KiBi for a d-i ack.
Thanks,
~Niels
Reply to: