Source: freetype
Version: 2.7.1-0.1
Severity: grave
Tags: security upstream experimental

Hi,

the following vulnerabilities were published for freetype. AFAICS these affect only the version in experimental, so before it will migrate at some point to unstable, fixes for those two CVEs should be included.

CVE-2017-7857[0]:
| FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a
| heap-based buffer overflow related to the TT_Get_MM_Var function in
| truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

CVE-2017-7858[1]:
| FreeType 2 before 2017-03-07 has an out-of-bounds write related to the
| TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face
| function in sfnt/sfobjs.c.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7857
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7857
[1] https://security-tracker.debian.org/tracker/CVE-2017-7858
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7858

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore