Hi, On Sun, Mar 11, 2018 at 06:56:30PM +0100, Moritz Mühlenhoff wrote: > On Sun, Mar 11, 2018 at 02:02:22PM +0100, Rene Engelhard wrote: > > Hi, > > > > On Sun, Mar 11, 2018 at 08:43:32AM +0100, Salvatore Bonaccorso wrote: > > > CVE-2018-7999: > > > | In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference > > > | vulnerability was found in Segment.cpp during a dumbRendering > > > | operation, which may allow attackers to cause a denial of service or > > > | possibly have unspecified other impact via a crafted .ttf file. > > > > > > If you fix the vulnerability please also make sure to include the > > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > > For further information see: > > > > > >  https://security-tracker.debian.org/tracker/CVE-2018-7999 > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999 > > >  https://github.com/silnrsi/graphite/issues/22 > > > > upstream fix backported. Uploaded to sid. > > > > Merged this for jessie and stretch, too. See attached debdiffs. Want me > > to upload for a DSA? > > This doesn't warrant a DSA, we can either postpone until the next more > severe graphite vulnerabity or fix it via a point update.
OK. Regards, Rene