On Wed, Mar 07, 2012 at 03:57:33PM +0100, Moritz Muehlenhoff wrote: > On Tue, Mar 06, 2012 at 10:12:35PM +0100, Yves-Alexis Perez wrote: > > Source: freetype > > Severity: grave > > Tags: security > > Justification: user security hole > > > > Hi, > > > > several vulnerabilities were found in freetype and were fixed in 2.4.9. > > > > A summary can be found in the oss-sec thread starting at > > http://www.openwall.com/lists/oss-security/2012/03/06/13 and followups. > > > > Could you prepare an update for the various affected suites? > > Only CVE-2012-1133, CVE-2012-1136, CVE-2012-1134, CVE-2012-1142 and > CVE-2012-1144 can be used for code injection. The rest can be fixed > along (or later in some point update) or left unfixed in stable.
I'm now working on an update for stable-security. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org