Niels Thykier <niels@thykier.net> (2017-04-05): > Salvatore Bonaccorso: > > Please unblock package freetype > > > > The update fixes CVE-2016-10244, tracked as #856971. > > > > The parse_charstrings function in does not ensure that a font contains > > a glyph name, which allows remote attackers to cause a denial of > > service via a crafted file. > > > > Does not warrant a DSA for stable, but would be nice to have it > > already fixed for stretch. > > > > Needs a d-i 'ack' if accepted. No objections. KiBi.
Attachment:
signature.asc
Description: Digital signature