-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 22:56:38 +0200 Source: fontforge Architecture: source Version: 1:20201107~dfsg-4+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian Fonts Task Force <debian-fonts@lists.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Closes: 1064967 Changes: fontforge (1:20201107~dfsg-4+deb11u1) bullseye-security; urgency=medium . * Non-maintainer upload. * CVE-2024-25081: Spline Font command injection via crafted filenames * CVE-2024-25082: Spline Font command injection via crafted archives or compressed files * Closes: #1064967 Checksums-Sha1: 02da1e253546ea8c9327a0c9f33d66afbfb6336e 2999 fontforge_20201107~dfsg-4+deb11u1.dsc 70695fabd8cbba0486a8cae603cea14aef9b12a7 11840596 fontforge_20201107~dfsg.orig.tar.xz 4a7c5e045711484791af318bd07aa1bb81d7c216 66808 fontforge_20201107~dfsg-4+deb11u1.debian.tar.xz Checksums-Sha256: 6217637c8305ca5711c75c681c8a6a5d89381abffe7d81d7967428f6ffe82ac3 2999 fontforge_20201107~dfsg-4+deb11u1.dsc 87672ca0dbfa3df42d768c3856186617059a5471fa99b35e7495d612a533c40b 11840596 fontforge_20201107~dfsg.orig.tar.xz 69722b63483594f0a78c28176c2024e21f51bf6b242b26e4a90132c2d843e6ce 66808 fontforge_20201107~dfsg-4+deb11u1.debian.tar.xz Files: 55a14e12ed5146a953b83a99619a20aa 2999 fonts optional fontforge_20201107~dfsg-4+deb11u1.dsc fcb397570d9502ae649f2735d5c09d6f 11840596 fonts optional fontforge_20201107~dfsg.orig.tar.xz 99be1953b1326b82a9e543a8f6b5bed7 66808 fonts optional fontforge_20201107~dfsg-4+deb11u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmX1jksACgkQiNJCh6LY mLF2Aw//dYdmHQxGqSKRzQJw8Q9vH1IfSBg44A3LC77dqnSI1ScQzUcc7IdaR8oR hY4yuBon0Cg1hbDl9CrHQgmee0u8EbAPblJCAdcI24u7ab9i5jH63yuJQ23sPaSM KvR7gz6T7zGfyXN1jJYG6LmSrl7kQUYdr5F2KM9Ecpr805E10h5D86XzSBmxZgR3 4tmUUaC8N3w9cUquOxbmD/544oaoIoSyaRJz7ZG94qmFgYwS+AFKKuxFXC+n3F3T pDu0A/5DkNOQD2w32sOb5LIoDdHS2d7L57Fc9ImUNiZxbaD+gZM4NA61QwME3FfY bHeB9qFjvSb64bbGJqKLGY27Joli+VGmXCyQ0DJsBmm2adx9NNvrX4qJqSF3g0UH A8QGhiMKHK9DM+bMvfEQtbfV+oNBjgnUPS1OSKSRQwTUZ9tzrEMDPc29oJGD1mPN SiDENL1hWcDgkkPxzlW/wARcVksDh+vf9cm7wCISgVI5KYxhhyYhK8D6jYM0H8yO S5kFmT8xbtIkWiY8r+HSJQveY0kxnhqopDzFTJFK3s9E76I0kYSMr90Ia1Eh6qfa 0Bl5uSkfd6SIropfACGXlEWu7R5hFCohLn7Y/gEzmwAZMX0wpX+uxHS2ZuOj70YS 2BAQbnWsC/yp+gErKyBiPjIOFebvHjVAzaRxCG3AesgoQ5LV/5k= =hRV/ -----END PGP SIGNATURE-----