# no patch is included in this bug report
tags 425625 -patch
thanks

Hi Stefan,

On Tue, May 22, 2007 at 11:01:51PM +0200, Stefan Fritsch wrote:
> Package: libfreetype6
> Version: 2.2.1-5
> Severity: grave
> Tags: security patch
> Justification: user security hole

> A vulnerability has been found in freetype. CVE-2007-2754:
> "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier
> might allow remote attackers to execute arbitrary code via a crafted TTF image
> with a negative n_points value, which leads to an integer overflow and
> heap-based buffer overflow."

Ok, I've prepared a stopgap 2.2.1-6 upload for unstable to fix this bug
since I don't have the latest upstream version ready yet.

Security team, I'm not sure if this warrants a DSA; I definitely don't see
much risk of a remote exploit the way the CVE claims; I don't know of any
applications that will load untrusted truetype fonts provided remotely
across the network.  If you do think a DSA is warranted here, let me know
and I'll be happy to prepare an upload.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
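
The bug class named in the quoted CVE text (a point count that goes negative and then sizes a heap buffer), as an added sketch that is not part of this message and is not FreeType's code. It assumes contour end-point indices are 16-bit big-endian values held in signed 16-bit fields; `point_t`, `read_be16_signed` and `load_points` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical point record; not a FreeType type. */
typedef struct { int16_t x, y; } point_t;

/* Read a big-endian 16-bit value into a signed 16-bit field. */
static int16_t read_be16_signed(const uint8_t *p)
{
    return (int16_t)(uint16_t)((p[0] << 8) | p[1]);
}

/* Validate the contour end points, derive n_points from the last one and
   allocate the point array. Returns n_points (>= 1) or -1 on bad input. */
int load_points(const uint8_t *end_pts, size_t len, int n_contours,
                point_t **out)
{
    *out = NULL;
    if (n_contours <= 0 || (size_t)n_contours > len / 2)
        return -1;

    int prev = -1;
    for (int i = 0; i < n_contours; i++) {
        int end = read_be16_signed(end_pts + 2 * (size_t)i);
        /* A stored value >= 0x8000 shows up here as negative. */
        if (end < 0 || end <= prev)
            return -1;
        prev = end;
    }

    int n_points = prev + 1;  /* 1..32768 after the checks above */
    /* Without those checks, a negative n_points cast to size_t here
       would give an allocation size unrelated to the real data. */
    *out = calloc((size_t)n_points, sizeof **out);
    return *out ? n_points : -1;
}

int main(void)
{
    /* Constructed sample: second end point 0xFFFE reads as -2. */
    const uint8_t bad[] = {0x00, 0x03, 0xFF, 0xFE};
    point_t *pts;
    return load_points(bad, sizeof bad, 2, &pts) == -1 ? 0 : 1;
}
```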

