Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
>
> Hi
>
> Please unblock package freetype
>
> The update fixes CVE-2016-10244, tracked as #856971.
>
> The parse_charstrings function in does not ensure that a font contains
> a glyph name, which allows remote attackers to cause a denial of
> service via a crafted file.
>
> Does not warrant a DSA for stable, but would be nice to have it
> already fixed for stretch.
>
> Needs a d-i 'ack' if accepted.
>
> unblock freetype/2.6.3-3.1
>
> Attached debdiff against the version in stretch.
>
> Regards,
> Salvatore
>
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels