Hi Adrian, On Sat, Mar 16, 2024 at 12:12:01AM +0200, Adrian Bunk wrote: > On Wed, Mar 13, 2024 at 08:39:47PM +0100, Salvatore Bonaccorso wrote: > > Hi Adrian, > > Hi Salvatore, > > > On Fri, Mar 08, 2024 at 02:03:55AM +0200, Adrian Bunk wrote: > > > Control: tags 1064967 + patch > > > Control: tags 1064967 + pending > > > > > > Dear maintainer, > > > > > > I've prepared an NMU for fontforge (versioned as 1:20230101~dfsg-1.1) and > > > uploaded it to DELAYED/2. Please feel free to tell me if I should cancel > > > it. > > > > > > @Security team: > > > If wanted, I could afterwards also prepare (pu or DSA) updates for > > > bookworm and bullseye. > > > > We came to the conclusion that it warrants a DSA. Could you prepare > > debdiffs for bookworm-security and bulseye-security? > > the debdiffs are attached. > > Tested on both releases with the PoCs from [1] and that opening a normal > compressed font still works.
Thanks for the debdiffs and providing as well the done testing background. Please do upload to security-master (both will need to be built with -sa). Regards, Salvatore