Bug#859625: unblock: freetype/2.6.3-3.1

To: Salvatore Bonaccorso <carnil@debian.org>, 859625@bugs.debian.org
Cc: Cyril Brulebois <kibi@debian.org>
Subject: Bug#859625: unblock: freetype/2.6.3-3.1
From: Niels Thykier <niels@thykier.net>
Date: Wed, 05 Apr 2017 10:47:00 +0000
Message-id: <[🔎] d869f33f-2897-7e81-a900-5186765200e1@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 859625@bugs.debian.org
In-reply-to: <[🔎] 149138889184.19431.11681145532876561147.reportbug@lorien.valinor.li>
References: <[🔎] 149138889184.19431.11681145532876561147.reportbug@lorien.valinor.li>

Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package freetype
> 
> The update fixes CVE-2016-10244, tracked as #856971.
> 
> The parse_charstrings function in does not ensure that a font contains
> a glyph name, which allows remote attackers to cause a denial of
> service via a crafted file.
> 
> Does not warrant a DSA for stable, but would be nice to have it
> already fixed for stretch.
> 
> Needs a d-i 'ack' if accepted.
> 
> unblock freetype/2.6.3-3.1
> 
> Attached debdiff against the version in stretch.
> 
> Regards,
> Salvatore
> 
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#859625: unblock: freetype/2.6.3-3.1
  - From: Cyril Brulebois <kibi@debian.org>

References:
- Bug#859625: unblock: freetype/2.6.3-3.1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#859625: unblock: freetype/2.6.3-3.1
Next by Date: Bug#859615: marked as done (unblock: ki18n/5.28.0-2)
Previous by thread: Bug#859625: unblock: freetype/2.6.3-3.1
Next by thread: Bug#859625: unblock: freetype/2.6.3-3.1
Index(es):
- Date
- Thread