On Sat, Jul 07, 2007 at 07:23:38PM +0200, Moritz Muehlenhoff wrote: > On May 30, 2007 at 10:59:15PM +0100, Steve Kemp wrote: > > > I haven't > > > yet looked into whether this bug affects the sarge version of the package, > > > I'll do that next (unless somebody here already knows the answer).
> > I was under the impression that it wasn't vulnerable, but I admit > > I've not yet checked. If we've not heard back by the time I make > > the upload I'll take a look myself. > What has been the result? DSA 1302 doesn't mention Sarge. I've uploaded a freetype 2.1.7-7 package to <http://people.debian.org/~vorlon/freetype/>, signed and built for sarge. Let me know if you would like me to upload this to security.d.o (I promise I'll even use the embargoed queue this time, so you don't have to go hunting for the upload ;). Unfortunately, going back through my mail I see that there's another open security report against freetype, bug #426771. I have not investigated this at all to confirm which versions of freetype are affected. Please advise if you would like me to look into this for possible inclusion in 2.1.7-7. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
