-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 26 Apr 2022 23:16:58 +1000 Source: freetype Architecture: source Version: 2.11.1+dfsg-2 Distribution: unstable Urgency: high Maintainer: Hugh McMaster <hugh.mcmaster@outlook.com> Changed-By: Hugh McMaster <hugh.mcmaster@outlook.com> Closes: 1010183 Changes: freetype (2.11.1+dfsg-2) unstable; urgency=high . * Add upstream patches to fix multiple vulnerabilities. Closes: #1010183. - CVE-2022-27404: heap buffer overflow via invalid integer decrement in sfnt_init_face() and woff2_open_font(). - CVE-2022-27405: segmentation violation via ft_open_face_internal() when attempting to read the value of FT_LONG face_index. - CVE-2022-27406: segmentation violation via FT_Request_Size() when attempting to read the value of an unguarded face size handle. * debian/copyright: Update debian/* section for 2022. Checksums-Sha1: f91520d9f61efa210bfabaebe8c884e035099353 3713 freetype_2.11.1+dfsg-2.dsc 1dd94ce8537c85af74c2454652ac2f436ac86513 40984 freetype_2.11.1+dfsg-2.debian.tar.xz 2d43ac7087ab3960fb1ffe3e669bf650d01a78d1 8648 freetype_2.11.1+dfsg-2_amd64.buildinfo Checksums-Sha256: 6671f4c916f903bdf828a693669c570f15ae7924d04a2c5375b8657f30f90ce3 3713 freetype_2.11.1+dfsg-2.dsc 7b90133a03e22d46f78243d2c3f69cfa077a8c638ea88a39c767bcd9d17aead5 40984 freetype_2.11.1+dfsg-2.debian.tar.xz fac07751f49e0b85056158afa6246c75506cd627188dd393c5c89ff3d0cc665d 8648 freetype_2.11.1+dfsg-2_amd64.buildinfo Files: 8b001a1c045eef5e65d5b57a9000f4c9 3713 libs optional freetype_2.11.1+dfsg-2.dsc 8f879f09907a4012ac3388b0cc388803 40984 libs optional freetype_2.11.1+dfsg-2.debian.tar.xz 9793dc8363bdbc97b158d79f3e45a06d 8648 libs optional freetype_2.11.1+dfsg-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJOBAEBCgA4FiEEOiCBPKV5RoaMUVIRWsYQdMXoG8QFAmJn8oAaHGh1Z2gubWNt YXN0ZXJAb3V0bG9vay5jb20ACgkQWsYQdMXoG8Q/Ug/9GRyGgbki/56LMZz3vD5V 8IlTfDpY1myzKtjHZeU/vdbQf1YmzwritxGjn1ztgR/Lp/c09ZjCH+1qW5FXMDDn XEGbsOXl4XHOS9OR6HjR/Hkq8PKJYODdjrTi3MS6tSL8eyZj6lExFrqFj5EryxPe P7811kjxj/DsIcLnB/38sCqNgqu4lH3/8gW5txjJveqMuQo0v2EFsfVWErHIi0ON /661TeCNJZqhZDeaoCA3lKXDeOFnxLHyd6+DIW9MZZddkV/94xl7WTWJ+rnQeuqj PuaMKJal/TBWEjE0lS+j6ab9S9c1WZ9UFYrOR0yb4JtDstLGYJOZy1Wn+dD/XkpN BsGoPilK0tsZDlxbSVwvdFoYMnnUfo0gk311pMFp6J2P3QrMIKr3ndrBqq/Pf4fu IlnLEJYZOFnBBFq0v4trsMkhBc6fqkPIYhAL25cCgNBSV32hTgdGGcr2Wji+NopK 5zCrCz9EKO5yPH5GMBrlgrg1PzViCaO8Kd+GyP3J0bE7+OubkzItM7SHI3NHzNcI stybTEREjxrA2diORWyy0C1CXKNEcFkECU+/S+u5ssE+H3MyVjDD3RUitlaXQH/9 aBO7yBqRH2GaviHHqSTImCYrIOigkqVaFjBBTkaHacxNNPB98XBbHlDPiwrkhTjI UHnmDnfH97jvetawzfFMDYk= =xLfj -----END PGP SIGNATURE-----
