Source: freetype
Version: 2.5.1-1
Severity: grave
Tags: patch

Hi,

Two vulnerabilities have been identified in freetype in the recently contributed CFF rasterizer code. Please refer to the references for the details.

From what I understood from the bug report, CVE-2014-2240 is the stack OOB read/write, while CVE-2014-2241 is the DoS caused by the assert.

References:
http://openwall.com/lists/oss-security/2014/03/10/2
http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
https://savannah.nongnu.org/bugs/?41697
https://bugzilla.redhat.com/show_bug.cgi?id=1074646

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net