Control: unarchive -1
Control: tags -1 + bookworm sid

On Fri, 06 May 2022 at 15:25:00 +0100, Neil Williams wrote:
> CVE-2022-27470[0]:
> | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
> | memory write via the function TTF_RenderText_Solid(). This
> | vulnerability is triggered via a crafted TTF file.

buster and bullseye (which happen to have an identical libsdl2-ttf
version) do not appear to be vulnerable to this. The code that has
the overflow seems to have been introduced in commit 31589bd "Wrapped
functions, Optimized routines, Lsb/Rsb positioning, Subpixel Hinting"
shortly after 2.0.15, so it isn't in buster or bullseye.

I haven't looked at stretch, which has an even older version, but I
suspect the same is true there.

    smcv
