On Sun May 27, 2007 at 12:47:58 +0200, Moritz Muehlenhoff wrote:

> I guess we should fix this, it's indirectly remotely exploitable at least
> by providing someone a malformed TTF font file. As libfreetype is an important
> infrastructure library there might also be unforeseen indirect attack
> vectors, like embedding TTFs in other document types, etc.

Agreed.

> Steve Kemp wanted to work on a DSA, so you should probably check back
> with him before preparing an upload.

I was planning on handling this yes, so if there were a fixed package available for Etch then I'd appreciate seeing it.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/