
[SECURITY] [DLA 848-1] freetype security update



Package        : freetype
Version        : 2.4.9-1.1+deb7u4
CVE ID         : CVE-2016-10244
Debian Bug     : #856971

It was discovered that there was a denial of service vulnerability in freetype,
a font rendering library.

The parse_charstrings function did not ensure that a font contains a glyph
name, which allowed remote attackers to cause a denial of service via a
specially-crafted file.

For Debian 7 "Wheezy", this issue has been fixed in freetype version
2.4.9-1.1+deb7u4.

We recommend that you upgrade your freetype packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
