From: | Tobias Geerinckx-Rice |
Subject: | bug#44146: CVE-2020-15999 in FreeType |
Date: | Thu, 22 Oct 2020 21:30:30 +0200 |
Marius,

Marius Bakke writes:
The 'freetype' package is vulnerable to CVE-2020-15999.
Oh dear. 'Thanks' for breaking the news.
I'm busy for a couple of days and won't be able to work on it in time. Volunteers wanted!
It feels like it shouldn't work (what with the different .so version & all) but I've been unable to break a ghostscript grafted to use 2.10.4.
I'm currently reconfiguring my system with it; if it works, I'll push it.
Whatever happens, I won't have time to apply the core-updates half tonight.
Forwarding a message from oss-security, we may have to patch Ghostscript as well:
I don't know enough about FT/GS's internals to really understand what's going on, but being a C(ompile-time) macro, this *could* be safe to graft, right?
Kind regards, T G-R