[SECURITY] [DLA 1065-1] fontforge security update

[Thorsten Alteholz <debian@alteholz.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : fontforge
Version        : 0.0.20120101+git-2+deb7u1
CVE ID         : CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572
                 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577

FontForge is vulnerable to heap-based buffer over-read in several 
functions, resulting in DoS or code execution via a crafted otf file:


For Debian 7 "Wheezy", these problems have been fixed in version
0.0.20120101+git-2+deb7u1.

We recommend that you upgrade your fontforge packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZoY9KXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH3JYP/jRc+ajJdIr7GKjvyr+5p3Z5
82N4fXx2GZntm6TrVUnaiDHVWOYK26Q4dOmUcBzZNapxHJ6a457t1fNJOIQyhmha
O8+azo/h3c51X9Ot/Nth+xPPfyJt0kPMJRx7chdnFcAIv5Qd4eICaRivN37jrtsr
UCSprnA1R+H7WNUpsfq3TrpvpJKdLkBP+UXwhEhTnPbe7ybTgw+S0nGWal1/eOKL
xu3tRuAzvH2zqaDlIyaGK4+bI+b7E2lAxm0s9yHXg47ubKIxUaZcPyayYsU1ruXc
rRGWzc1eoIwXfd/g+e9C0Akg7Q79w0+FYS8V5mg2yUVZI9MxeuY0qRt6e2VYaCUr
tFgE1faleEg/F7V5i5uZl8o7cU3sHBO/caX4bL18ci4ms0yUn1eGUf/rtODHVWc2
ZOi9s6Cj7De4FGYLuc30H26fohtMxOiDQlCwKHDzTlTlHcXVO3ER/VR2roz7lkw1
emOCGj0DHcWbNOeIGatsWRcWkWKMWY8ZGisVGUZWIi5l97e1EXTykjTuH5+OAydk
9ouL97VkDvX3frLBj7HfYl+D2cjT4n5/KxHQqXPy7lFWppR0BvK041SqgH94mACe
j+eldresI01EjPM3OcaWaDu8WmLd5Ym/zdqoOsQ8NUl7wwrkhLvYVa8/Zx8bMAQ+
a8StWy23G06gnbyLowpG
=ySS9
-----END PGP SIGNATURE-----