On Wed, Mar 07, 2012 at 03:57:33PM +0100, Moritz Muehlenhoff wrote:
> On Tue, Mar 06, 2012 at 10:12:35PM +0100, Yves-Alexis Perez wrote:
> > Source: freetype
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > Hi,
> >
> > several vulnerabilities were found in freetype and were fixed in 2.4.9.
> >
> > A summary can be found in the oss-sec thread starting at
> > http://www.openwall.com/lists/oss-security/2012/03/06/13 and followups.
> >
> > Could you prepare an update for the various affected suites?
>
> Only CVE-2012-1133, CVE-2012-1136, CVE-2012-1134, CVE-2012-1142 and
> CVE-2012-1144 can be used for code injection. The rest can be fixed
> along (or later in some point update) or left unfixed in stable.
I'm now working on an update for stable-security.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
