On Wed, Jul 20, 2022 at 10:52:48AM +0100, Simon McVittie wrote:
> Control: unarchive -1
> Control: tags -1 + bookworm sid
>
> On Fri, 06 May 2022 at 15:25:00 +0100, Neil Williams wrote:
> > CVE-2022-27470[0]:
> > | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
> > | memory write via the function TTF_RenderText_Solid(). This
> > | vulnerability is triggered via a crafted TTF file.
>
> buster and bullseye (which happen to have an identical libsdl2-ttf
> version) do not appear to be vulnerable to this. The code that has
> the overflow seems to have been introduced in commit 31589bd "Wrapped
> functions, Optimized routines, Lsb/Rsb positioning, Subpixel Hinting"
> shortly after 2.0.15, so it isn't in buster or bullseye.

Thanks, I've updated the Debian Security Tracker accordingly.

Cheers,
Moritz