Source: harfbuzz Version: 10.1.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for harfbuzz. CVE-2024-56732[0]: | HarfBuzz is a text shaping engine. Starting with 8.5.0 through | 10.0.1, there is a heap-based buffer overflow in the | hb_cairo_glyphs_from_buffer function. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-56732 https://www.cve.org/CVERecord?id=CVE-2024-56732 [1] https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m [2] https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 Regards, Salvatore
