There are 2 open security issues in bullseye.
2 issues left for the package maintainer to handle:
- CVE-2022-33068:
(needs triaging)
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
- CVE-2023-25193:
(needs triaging)
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
You can find information about how to handle these issues in the security team's documentation.