1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4777-1] freetype security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Oct 21 21:10:03 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4777-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 21, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : freetype
    CVE ID : CVE-2020-15999
    Debian Bug : 972586

    Sergei Glazunov discovered a heap-based buffer overflow vulnerability in
    the handling of embedded PNG bitmaps in FreeType. Opening malformed
    fonts may result in denial of service or the execution of arbitrary
    code.

    For the stable distribution (buster), this problem has been fixed in
    version 2.9.1-3+deb10u2.

    We recommend that you upgrade your freetype packages.

    For the detailed security status of freetype please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/freetype

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+QhBxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SNTg/8D0ukVML1ivJ2TRyjT/rqj0EekU5i2ah84y70r1insk9GdbT8Yez7Wnqg 2/auLCQVk6buFPP4eA2w+JjZKPaBSvymR4XSCwh2xb5e5lnwVKYBdXYx2JwvpIKv B5GbvcAvsoQw891ZrB8a193pkIPFv9gqUkIJ0uCgevK7bdU0MgH7qHMaIdLofddj RO+cWszV4MCxCEm1FPbe8obPOH6Q2YoTQPGWsDQfTKyAZVrRiF0be3Oca+dC7Wp9 H66mxbOPkohGZpekBZ5eWRbh2b5qvZvzbcMmPqUI+0+zZANSClvLfqCgb6lc5RdG KMgzBOFJqRSDFl6WqplfL1Ho8IseA7vAbMaskKkKt9rMOyDp6FLsiZQkc/Ajc9E+ KSO7vIZYuNF32nEkJsejwtpTEuN18mjlBEFJqi8ppsk2zACoadKMHY+FVr8FsSrq +dweWgICVwxhvYElPNt3of+LyeywHc+P4Eloxgiv7BCZmRMsHvhuCrP90zS5kCGj 0PHbbow3P1prt3m6tTfI0lrxPCw7QKh3nWFgzETgMLgrm1limEnT00M8AewontdI ptuDuvNpNu3NRKy46uGTGrs/khXqLIbsfTKyvP35Zu1XSZfvhE5D1IuvWRiz8G2j PB5zf/eJ4Y/2V6P3ZLrWvZmAVucZG6kU75MsryI0t7ZvG+VlWDc=
    =OYoe
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)