Boudewijn Dijkstra wrote: > Op Wed, 04 Mar 2015 23:12:07 +0100 schreef Ted Unangst <[email protected]>: > > Freetype (http://www.freetype.org/) 2.5.5 was released a little while ago, > > fixing some security vulnerabilities. Actually as I understand it, 2.5.4 > > fixed the vulns, then 2.5.5 fixed the fix. > > > > OpenBSD 5.7 will ship with 2.5.5; 5.6 shipped with 2.5.3 and is therefore > > vulnerable. > > > > [...] > > > > Unfortunately, the FreeType project does not appear to have made these > > patches > > available separately from the releases, which makes it difficult for us to > > apply backports to OpenBSD. > > I guess the most important thing is to give users the opportunity to fix the > vulns. Will there be a CVS tag that 5.6 users can use to update FreeType to > 2.5.5?
No. That's too large a change.
