-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : freetype Version : 2.4.9-1.1+deb7u6 CVE ID : CVE-2017-8105 Debian Bug : 861220 860303
It was found that an out of bounds write caused by a heap-based buffer overflow could be triggered in freetype via a crafted font. This update also reverts the fix for CVE-2016-10328, as it was determined that freetype 2.4.9 is not affected by that issue. For Debian 7 "Wheezy", these problems have been fixed in version 2.4.9-1.1+deb7u6. We recommend that you upgrade your freetype packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlkAweMACgkQnUbEiOQ2 gwK25BAAnQ/yS80twcmYiEx76A6ygxUwCLwl3M7kia5YqRvmRqKVe+7ksaGT6Izf PXpWzmElqjd6jKVVoqO4/jpCJKIpnbbbDvAMbg9ZkqFBMkC4A8Rajz1SB6MajWyU IfeCPtHH3HsWAAA7QHDM1aO/2DNcMiqd2rZl/g8ZFpAFuJCRk9h6aPs4r5ZFUsIz 6+HeVXCzTLxJLwbq9JNewz7AHd7u+M9USAjdkSZrlkU2PuOMtuvlweYltdYzeJ1N 6pT4RXexFnp6JNZfl83D9rCXNMgA1uYrMmvq6NKiFOP1ZMHWQ7Kv9G1/jTOHs7Dk VX6J2zk3Samrr6ntwQga1IHEFE8IKzujvSKUyanPbr/8ES2K5X55Lxu7XI7EpcY0 CVIlUlhffeGF3B+4WkL+8oZF98MoMHGkQprRDwKnc4WZ1FSOTcSMgm3oJRdyx7WQ 9MFZzdwklN/E0DeViMwrTogyVqZU33K/U7G0ODFkRrAuZwH+iAJwctn3GU9CMuGS CEtgBRsSKET7ikPQyY64NEiHhoX5jXj0i8NJMC+zGeAE8g1k9SfX1PPUM4c0AcMZ p6jQgc9xDc+7udLkJrstjS8OQD1b3kD3S78VuPbpLqgwtryLytHzj2uQJj64Brec mMcoteF9hNH36aiyQFxiMxourvtm6dIwuMjs77lmaSq7XcFfaV4= =gKIy -----END PGP SIGNATURE-----
