Your message dated Sat, 07 Mar 2026 11:57:28 +0000
with message-id <[email protected]>
and subject line Bug#1129606: fixed in freetype 2.14.2+dfsg-1
has caused the Debian Bug report #1129606,
regarding freetype: CVE-2026-23865
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1129606: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: freetype
Version: 2.14.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for freetype.

CVE-2026-23865[0]:
| An integer overflow in the tt_var_load_item_variation_store function
| of the Freetype library in versions 2.13.2 and 2.13.3 may allow for
| an out of bounds read operation when parsing HVAR/VVAR/MVAR tables
| in OpenType variable fonts. This issue is fixed in version 2.14.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-23865
    https://www.cve.org/CVERecord?id=CVE-2026-23865
[1] https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: freetype
Source-Version: 2.14.2+dfsg-1
Done: Hugh McMaster <[email protected]>

We believe that the bug you reported is fixed in the latest version of
freetype, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated freetype package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Mar 2026 21:55:55 +1100
Source: freetype
Architecture: source
Version: 2.14.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Hugh McMaster <[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 1129606
Changes:
 freetype (2.14.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 2.14.2:
     - Setting filter weights with FT_Face_Properties is no longer supported.
     - The legacy libXft LCD filter algorithm is no longer provided.
     - Various bug fixes, including for CVE-2026-23865 (integer overflow
       in the tt_var_load_item_variation_store function) (Closes: #1129606).
   * debian/control: Use ${source:*} replacement where possible.
   * debian/copyright: Update Debian copyright for 2026.
   * debian/patches: Refresh ftoption.patch.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
