On Wed, Sep 13, 2006 at 09:33:46PM +0200, Moritz Muehlenhoff wrote:
> Steve Langasek wrote:
> > Looks like it's time for another try at freetype. CVE-2006-3467 appears to
> > be a potentially exploitable integer overflow in freetype's PCF parser.
> > I've uploaded freetype_2.1.7-6 to
> > <http://people.debian.org/~vorlon/freetype-DSA/>, replacing the previous
> > version there; signed sources, unsigned changes.
>
> Thanks, this was already on my list. I've lost track of the status of the
> regression that did bite several users. Do I need to dig out the patch or
> was it fixed in r2?

That fix is included in 2.1.7-5, which is part of sarge r3, so -6 should be a
clean patch against that version for just this security fix.

Cheers,
-- 
Steve Langasek
Debian Developer
Give me a lever long enough and a Free OS to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/