https://bugzilla.redhat.com/show_bug.cgi?id=1887084
--- Comment #6 from Xose Vazquez Perez <[email protected]> ---

(In reply to Upstream Release Monitoring from comment #4)
> Latest upstream release: 2.10.4
> Current version/release in rawhide: 2.10.2-3.fc33
> URL: https://www.freetype.org
>
> Based on the information from anitya:
> https://release-monitoring.org/project/854/

CHANGES BETWEEN 2.10.3 and 2.10.4

  This is an emergency release, fixing a severe vulnerability in
  embedded PNG bitmap handling.

  I. IMPORTANT BUG FIXES

  - A heap buffer overflow has been found in the handling of embedded
    PNG bitmaps, introduced in FreeType version 2.6.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

    If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade
    immediately.
