
[SECURITY] [DLA 918-1] freetype security update




Package        : freetype
Version        : 2.4.9-1.1+deb7u6
CVE ID         : CVE-2017-8105
Debian Bug     : 861220 860303

It was found that an out-of-bounds write caused by a heap-based buffer
overflow could be triggered in freetype via a crafted font.

This update also reverts the fix for CVE-2016-10328, as it was
determined that freetype 2.4.9 is not affected by that issue.

For Debian 7 "Wheezy", these problems have been fixed in version
2.4.9-1.1+deb7u6.

We recommend that you upgrade your freetype packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

