Re: libfreetype6 mitigations?

To: debian-user@lists.debian.org
Subject: Re: libfreetype6 mitigations?
From: Richmond <dnomhcir@gmx.com>
Date: Thu, 13 Mar 2025 13:55:03 +0000
Message-id: <[🔎] 86jz8txcg8.fsf@example.com>
References: <[🔎] 86bju5faoq.fsf@example.com> <[🔎] 20250313132936.3hvkqbmnhaj2jzgi@randomstring.org>

Dan Ritter <dsr@randomstring.org> writes:

> Richmond wrote: 
>> Is there anything that can be done to mitigate against the vulnerability
>> which is apparently according to Bleeping Computer being exploited
>> arbitrary code execution? I looked into upgrading that package to the
>> testing version but I think it would cause problems.
>>
>
>
> https://security-tracker.debian.org/tracker/CVE-2025-27363
>
> It's being tracked. Expect a fix in a few days.
>

Thanks. Do you think preventing pages from loading their own fonts (in
firefox) would stop the attack?

Reply to:

Follow-Ups:
- Re: libfreetype6 mitigations?
  - From: Dan Ritter <dsr@randomstring.org>

References:
- libfreetype6 mitigations?
  - From: Richmond <dnomhcir@gmx.com>
- Re: libfreetype6 mitigations?
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: libfreetype6 mitigations?
Next by Date: Re: yt-dlp search syntax?
Previous by thread: Re: libfreetype6 mitigations?
Next by thread: Re: libfreetype6 mitigations?
Index(es):
- Date
- Thread