Source: freetype Version: 2.6.3-3.1 Severity: important Tags: security patch upstream Forwarded: https://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858 Control: fixed -1 2.7.1-0.1
Hi, the following vulnerability was published for freetype. CVE-2016-10328[0]: | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a | heap-based buffer overflow related to the cff_parser_run function in | cff/cffparse.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10328 [1] https://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858 [2] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8 [3] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
