Debian Security Advisory
DLA-319-1 freetype -- LTS security update
- Date Reported:
- 30 Sep 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 798619, Bug 798620.
In Mitre's CVE dictionary: CVE-2014-9745, CVE-2014-9746, CVE-2014-9747.
- More information:
Sergey Gorbaty reported issues related to the FreeType font engine. FreeType improperly handled certain malformed font files, allowing remote attackers to cause a Denial of Service when specially crafted font files were used.
For Debian 6
Squeeze, these issues have been fixed in freetype version 2.4.2-2.1+squeeze6. We recommend you to upgrade your freetype packages.