Control: tags -1 + confirmed d-i

On Thu, 2022-04-28 at 22:21 +1000, Hugh McMaster wrote:
> This update fixes three security vulnerabilities in FreeType
> 2.10.4+dfsg-1.
>
> - CVE-2022-27404: heap buffer overflow via invalid integer decrement in
>   sfnt_init_face() and woff2_open_font().
> - CVE-2022-27405: segmentation violation via ft_open_face_internal() when
>   attempting to read the value of FT_LONG face_index.
> - CVE-2022-27406: segmentation violation via FT_Request_Size() when
>   attempting to read the value of an unguarded face size handle.
>
> It would be ideal to get these fixes into Bullseye.

This looks OK to me, but as freetype builds a udeb it will want a
KiBi-ack; CCed and tagging accordingly.

Regards,

Adam