Control: severity -1 normal On Sat, Dec 13, 2014 at 11:18:18PM -0500, Michael Gilbert wrote: > package: src:freetype > severity: serious > version: 2.5.2-2
> An out of bounds write issue was found in the Adobe's CFF > implementation in freetype [0]. > CFF was introduced in freetype 2.5, so wheezy and squeeze aren't affected. > [0] http://savannah.nongnu.org/bugs/?43661 As this is described as a bug in the Adobe CFF implementation, and we currently disable the use of this code at build time (bug #730742), I believe Debian is not vulnerable. The bug should still be fixed as we will eventually want to re-enable this code, but it doesn't look like a serious bug. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
