Debian alert DLA-1065-1 (fontforge)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1065-1] fontforge security update | |
| Date: | Sat, 26 Aug 2017 17:10:02 +0200 (CEST) | |
| Message-ID: | <alpine.DEB.2.02.1708261708400.3512@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : fontforge Version : 0.0.20120101+git-2+deb7u1 CVE ID : CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 FontForge is vulnerable to heap-based buffer over-read in several functions, resulting in DoS or code execution via a crafted otf file: For Debian 7 "Wheezy", these problems have been fixed in version 0.0.20120101+git-2+deb7u1. We recommend that you upgrade your fontforge packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJZoY9KXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH3JYP/jRc+ajJdIr7GKjvyr+5p3Z5 82N4fXx2GZntm6TrVUnaiDHVWOYK26Q4dOmUcBzZNapxHJ6a457t1fNJOIQyhmha O8+azo/h3c51X9Ot/Nth+xPPfyJt0kPMJRx7chdnFcAIv5Qd4eICaRivN37jrtsr UCSprnA1R+H7WNUpsfq3TrpvpJKdLkBP+UXwhEhTnPbe7ybTgw+S0nGWal1/eOKL xu3tRuAzvH2zqaDlIyaGK4+bI+b7E2lAxm0s9yHXg47ubKIxUaZcPyayYsU1ruXc rRGWzc1eoIwXfd/g+e9C0Akg7Q79w0+FYS8V5mg2yUVZI9MxeuY0qRt6e2VYaCUr tFgE1faleEg/F7V5i5uZl8o7cU3sHBO/caX4bL18ci4ms0yUn1eGUf/rtODHVWc2 ZOi9s6Cj7De4FGYLuc30H26fohtMxOiDQlCwKHDzTlTlHcXVO3ER/VR2roz7lkw1 emOCGj0DHcWbNOeIGatsWRcWkWKMWY8ZGisVGUZWIi5l97e1EXTykjTuH5+OAydk 9ouL97VkDvX3frLBj7HfYl+D2cjT4n5/KxHQqXPy7lFWppR0BvK041SqgH94mACe j+eldresI01EjPM3OcaWaDu8WmLd5Ym/zdqoOsQ8NUl7wwrkhLvYVa8/Zx8bMAQ+ a8StWy23G06gnbyLowpG =ySS9 -----END PGP SIGNATURE-----