Bug#859625: unblock: freetype/2.6.3-3.1

To: Niels Thykier <niels@thykier.net>
Cc: Salvatore Bonaccorso <carnil@debian.org>, 859625@bugs.debian.org
Subject: Bug#859625: unblock: freetype/2.6.3-3.1
From: Cyril Brulebois <kibi@debian.org>
Date: Wed, 5 Apr 2017 16:00:10 +0200
Message-id: <[🔎] 20170405140010.GC8151@mraw.org>
Reply-to: Cyril Brulebois <kibi@debian.org>, 859625@bugs.debian.org
In-reply-to: <[🔎] d869f33f-2897-7e81-a900-5186765200e1@thykier.net>
References: <[🔎] 149138889184.19431.11681145532876561147.reportbug@lorien.valinor.li> <[🔎] d869f33f-2897-7e81-a900-5186765200e1@thykier.net>

Niels Thykier <niels@thykier.net> (2017-04-05):
> Salvatore Bonaccorso:
> > Please unblock package freetype
> > 
> > The update fixes CVE-2016-10244, tracked as #856971.
> > 
> > The parse_charstrings function in does not ensure that a font contains
> > a glyph name, which allows remote attackers to cause a denial of
> > service via a crafted file.
> > 
> > Does not warrant a DSA for stable, but would be nice to have it
> > already fixed for stretch.
> > 
> > Needs a d-i 'ack' if accepted.

No objections.


KiBi.

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#859625: unblock: freetype/2.6.3-3.1
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#859625: unblock: freetype/2.6.3-3.1
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Bug#859490: unblock: haproxy/1.7.5-1 (pre-approval)
Next by Date: Bug#859625: marked as done (unblock: freetype/2.6.3-3.1)
Previous by thread: Bug#859625: unblock: freetype/2.6.3-3.1
Next by thread: Bug#859625: marked as done (unblock: freetype/2.6.3-3.1)
Index(es):
- Date
- Thread