Control: tags -1 + confirmed d-i

On Thu, 2022-04-28 at 22:21 +1000, Hugh McMaster wrote:
> This update fixes three security vulnerabilities in FreeType
> 2.10.4+dfsg-1.
> - CVE-2022-27404: heap buffer overflow via invalid integer decrement
> in
> sfnt_init_face() and woff2_open_font().
> - CVE-2022-27405: segmentation violation via ft_open_face_internal()
> when
> attempting to read the value of FT_LONG face_index.
> - CVE-2022-27406: segmentation violation via FT_Request_Size() when
> attempting
> to read the value of an unguarded face size handle.
> It would be ideal to get these fixes into Bullseye.

This looks OK to me, but as freetype builds a udeb it will want a KiBi-
ack; CCed and tagging accordingly.



Reply via email to