-------------------------------------------------------------------------
Debian LTS Advisory DLA-3754-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 08, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : fontforge
Version        : 1:20170731~dfsg-1+deb10u1
CVE ID         : CVE-2020-5395 CVE-2020-5496 CVE-2024-25081 CVE-2024-25082
Debian Bug     : 948231 1064967

Multiple vulnerabilities have been fixed in the font editor FontForge.

CVE-2020-5395

    Use-after-free in SFD_GetFontMetaData()

CVE-2020-5496

    Buffer overflow in Type2NotDefSplines()

CVE-2024-25081

    Spline Font command injection via crafted filenames

CVE-2024-25082

    Spline Font command injection via crafted archives or compressed files

For Debian 10 buster, these problems have been fixed in version
1:20170731~dfsg-1+deb10u1.

We recommend that you upgrade your fontforge packages.

For the detailed security status of fontforge please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fontforge

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS