From ed1e1f09f1a02b5fb64ecaaa2d2c1ad889848e27 Mon Sep 17 00:00:00 2001 From: Lev Lamberov Date: Thu, 22 Oct 2020 12:14:22 +0500 Subject: [SECURITY] [DSA 4777-1] freetype security update --- english/security/2020/dsa-4777.data | 13 +++++++++++++ english/security/2020/dsa-4777.wml | 21 +++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 english/security/2020/dsa-4777.data create mode 100644 english/security/2020/dsa-4777.wml diff --git a/english/security/2020/dsa-4777.data b/english/security/2020/dsa-4777.data new file mode 100644 index 00000000000..b564904b36f --- /dev/null +++ b/english/security/2020/dsa-4777.data @@ -0,0 +1,13 @@ +DSA-4777-1 freetype +2020-10-21 +CVE-2020-15999 Bug#972586 +freetype +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2020/dsa-4777.wml b/english/security/2020/dsa-4777.wml new file mode 100644 index 00000000000..01075eff149 --- /dev/null +++ b/english/security/2020/dsa-4777.wml @@ -0,0 +1,21 @@ +security update + +

Sergei Glazunov discovered a heap-based buffer overflow vulnerability in +the handling of embedded PNG bitmaps in FreeType. Opening malformed +fonts may result in denial of service or the execution of arbitrary +code.

+ +

For the stable distribution (buster), this problem has been fixed in +version 2.9.1-3+deb10u2.

+ +

We recommend that you upgrade your freetype packages.

+ +

For the detailed security status of freetype please refer to its +security tracker page at: +\ +https://security-tracker.debian.org/tracker/freetype

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2020/dsa-4777.data" +# $Id: $ -- cgit v1.2.3