Format: 1.8
Date: Thu, 28 Apr 2022 19:54:23 +1000
Source: freetype
Architecture: source
Version: 2.10.4+dfsg-1+deb11u1
Distribution: stable
Urgency: medium
Maintainer: Hugh McMaster <hugh.mcmaster@outlook.com>
Changed-By: Hugh McMaster <hugh.mcmaster@outlook.com>
Closes: 1010183
Changes:
 freetype (2.10.4+dfsg-1+deb11u1) bullseye; urgency=medium
 .
   * Add upstream patches to fix multiple vulnerabilities. Closes: #1010183.
     - CVE-2022-27404: heap buffer overflow via invalid integer decrement in
       sfnt_init_face() and woff2_open_font().
     - CVE-2022-27405: segmentation violation via ft_open_face_internal() when
       attempting to read the value of FT_LONG face_index.
     - CVE-2022-27406: segmentation violation via FT_Request_Size() when
       attempting to read the value of an unguarded face size handle.
Checksums-Sha1:
 2a347e1cd0239af168a172c0ead7a7022523dcf3 3762 freetype_2.10.4+dfsg-1+deb11u1.dsc
 c15cdadbe91eb16627811264ef772495d77da163 117572 freetype_2.10.4+dfsg-1+deb11u1.debian.tar.xz
 c6e804a7e7be224a6bfd19df5fdfc125a550630f 9016 freetype_2.10.4+dfsg-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 6c93012be153ec146b77bfa4df0bd8b19affe63f5a8bdbfbf3ce6faf4a89e365 3762 freetype_2.10.4+dfsg-1+deb11u1.dsc
 f8845df5a24d816934ef30b46b8561072df3f7973ea65654674d69810aab9c3b 117572 freetype_2.10.4+dfsg-1+deb11u1.debian.tar.xz
 091b9f3a4466cd7a7929436fd3f3423655c418f04c727ae32f616e53165ebb05 9016 freetype_2.10.4+dfsg-1+deb11u1_amd64.buildinfo
Files:
 9d3d20f1d07510b77886fe7ddfead60f 3762 libs optional freetype_2.10.4+dfsg-1+deb11u1.dsc
 2d245a36a612a09abe52ebfdaabbaf13 117572 libs optional freetype_2.10.4+dfsg-1+deb11u1.debian.tar.xz
 b053f6590002b2c9092f0672c2c11aef 9016 libs optional freetype_2.10.4+dfsg-1+deb11u1_amd64.buildinfo