Hi Andres,
On Wed, Feb 01, 2023 at 03:47:03AM -0500, Andres Salomon wrote:
> Hi Security Team & Jeremy,
>
> I had originally planned to ask the release team about fixing #1029845 (the
> bug below) in bullseye via t-p-u. However, it would appear that there's also
> an outstanding security bug in h
On Wed, Feb 1 2023 at 10:09:15 AM +0100, Emilio Pozuelo Monfort
wrote:
On 01/02/2023 09:47, Andres Salomon wrote:
Hi Security Team & Jeremy,
I had originally planned to ask the release team about fixing
#1029845 (the bug below) in bullseye via t-p-u. However, it would
appear that there'
On 01/02/2023 09:47, Andres Salomon wrote:
Hi Security Team & Jeremy,
I had originally planned to ask the release team about fixing #1029845 (the bug
below) in bullseye via t-p-u. However, it would appear that there's also an
outstanding security bug in harfbuzz (CVE-2022-33068, tracked at #10
Hi Security Team & Jeremy,
I had originally planned to ask the release team about fixing #1029845
(the bug below) in bullseye via t-p-u. However, it would appear that
there's also an outstanding security bug in harfbuzz (CVE-2022-33068,
tracked at #1013673). So instead, maybe it's better if we
Source: harfbuzz
Followup-For: Bug #1029845
Based on the previous: I think that the font was probably accidentally
committed to source control while testing a fix for the issue reported on
GitHub - and so following upstream's removal of the font seems to make sense,
given that there doesn't appear
Source: harfbuzz
Followup-For: Bug #1029845
Potentially relevant context:
- https://github.com/flutter/flutter/issues/16886
- https://lists.debian.org/debian-legal/2011/05/msg5.html
Source: harfbuzz
Severity: serious
Version: 6.0.0-1
Justification: Policy 2.1
Harfbuzz includes a nondistributable font in its test suite. I thought
it was just in sid/bookworm, but it's apparently also in bullseye as
well.
In bullseye:
test/shaping/data/in-house/fonts/641ca9d7808b01cafa9a666
7 matches
Mail list logo