Format: 1.8
Date: Thu, 07 Mar 2024 22:13:52 +0200
Source: fontforge
Architecture: source
Version: 1:20170731~dfsg-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Fonts Task Force <pkg-fonts-devel@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 fontforge (1:20170731~dfsg-1+deb10u1) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2020-5395: Use-after-free in SFD_GetFontMetaData()
   * CVE-2020-5496: Buffer overflow in Type2NotDefSplines()
   * CVE-2024-25081: Spline Font command injection via crafted filenames
   * CVE-2024-25082: Spline Font command injection via crafted archives or compressed files
Checksums-Sha1:
 a90d87d6c1eccd4e6b4ca40ad4250fd07ce51dc3 3154 fontforge_20170731~dfsg-1+deb10u1.dsc
 2062bafa78013d87509cebffc8b412b4a6786f72 17896802 fontforge_20170731~dfsg.orig.tar.gz
 db12021d2c5915c1dcd4b6fb9b06f9dfb7923a7a 57524 fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz
Checksums-Sha256:
 affb09704c222997fcbe43781788b1b50eea3318b68abaa98c08d3cfe608440a 3154 fontforge_20170731~dfsg-1+deb10u1.dsc
 642dd957a7e36d68e37c8be9f849a2b2ec2f9e831103d1458660a165fe3e4ae7 17896802 fontforge_20170731~dfsg.orig.tar.gz
 4268a047eaa63e163a540c4189fd3102d55d0831158d2beefed990fd63eb1ca8 57524 fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz
Files:
 809618e46cebfd68001eca80f966f592 3154 fonts optional fontforge_20170731~dfsg-1+deb10u1.dsc
 127bbd78bb24624b8d4d2965ef4ad3cf 17896802 fonts optional fontforge_20170731~dfsg.orig.tar.gz
 ba8c8222279f831ef2090eb07410b2a4 57524 fonts optional fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz