Control: tags -1 d-i

Hi kibi,
On 20-04-2023 13:47, Hugh McMaster wrote:
[ Reason ]
An integer overflow vulnerability was discovered in FreeType (specifically, the tt_hvadvance_adjust() function). This is CVE-2023-2004.

[ Impact ]
FreeType 2 can crash when getting TrueType font metrics due to the overflow.

[ Tests ]
Chromium's OSS-Fuzz project regularly fuzzes the FreeType source. After the upstream fix was applied, the vulnerability was fixed.

[ Risks ]
The patch is non-invasive and very small.

unblock freetype/2.12.1+dfsg-5
This is currently udeb blocked, so I now realize I should have pinged you. I approved this from our side, can you confirm that after RC2 it's OK for d-i too?
Paul