-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 22:41:07 +0200 Source: fontforge Architecture: source Version: 1:20230101~dfsg-1.1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Fonts Task Force <debian-fonts@lists.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Closes: 1064967 Changes: fontforge (1:20230101~dfsg-1.1~deb12u1) bookworm-security; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm-security. . fontforge (1:20230101~dfsg-1.1) unstable; urgency=high . * Non-maintainer upload. * CVE-2024-25081: Spline Font command injection via crafted filenames * CVE-2024-25082: Spline Font command injection via crafted archives or compressed files * Closes: #1064967 Checksums-Sha1: d9cb8efc7d796ac6411b2da94bb8084f9df35912 2949 fontforge_20230101~dfsg-1.1~deb12u1.dsc 7f5f4150a07609d4f7287ab796419a8a4ea62273 12024816 fontforge_20230101~dfsg.orig.tar.xz b4dd06afb13f22f6e30f244676f4e2be0d0516f3 54256 fontforge_20230101~dfsg-1.1~deb12u1.debian.tar.xz Checksums-Sha256: c564e1674a5072fa85e3b081931fad51e8a1b0e8318aaa16117318cb220fe880 2949 fontforge_20230101~dfsg-1.1~deb12u1.dsc b3bbdbbdd52638ad8dcbca15e80065e82ec6fa16cef7cc4c42954f47aae3c6b7 12024816 fontforge_20230101~dfsg.orig.tar.xz cab31302daf68763d74c2845195ea012e72acd7e706dbc43b23022483af47fa5 54256 fontforge_20230101~dfsg-1.1~deb12u1.debian.tar.xz Files: b15a9d5d00c6ee7a75e01c74be6d3083 2949 fonts optional fontforge_20230101~dfsg-1.1~deb12u1.dsc 4bada2cb3191d3383ffe9ccb6d1b73b6 12024816 fonts optional fontforge_20230101~dfsg.orig.tar.xz d5672e2981f7cc85a2db02465b6fc499 54256 fonts optional fontforge_20230101~dfsg-1.1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmX1jV0ACgkQiNJCh6LY mLF5oA//RMMnIptx1/4dQt4bMQf/dw6G0UWSgBaBe/lra3+roWSW1zJ033/CRT/D tnKsvGh7GiyC3qzxzN4F1p0LRBTRLCEo/79giFE/hYvA+azPyY87Lf03N+0zCRbi q7JGJbewb1ggOQogY4e5k6eBuciY1DZx1syZLKFhQ0AALtdELWy70xDGEqQHrtGE uw48qIxV4Lh8qeE2VM0vWXbTWuc/ggOtjqXZfUlNpYI3ONrog8LG/dE6BGrfiENp /r4Krne599apVNgAVZ0hJLhncH1yIWWnMqEKzSCDy94gMtN/0zlDPSwj4LOxpmeS wpAE34HG3q9sIxmD5dqhXgjGkLpcGwfZuVeghnx5A4MT8bqu3Te3C638jR3Sfmaf 0AEOcgv/BN7D/KHTJrm2gmGAE1e4sLSr2lk3/Tv3SN04g9G98yDGdF8PCBRSxm4C yEOODZvBhETcZtNkJnZiHZDZs08IXGvz99u2nax9mz49nAj5VyV7WNA1xOWgdICc 1uY35ZnO1hT5Z0DwqI0Qo4EY4HWmnUh/byjeUMlDJ0/Iyq7f1EuLDN6h+jfnb6lh OOsHcc/a19RA0oOcqKJkwkc20RHTfZ5AhWWzxcxhcAdT6mCnM3ePv048ywkPS+G5 yXpqqdQWWfr06mqaThqr3uSa/Q0bjnCHhPgZjbkFMhd7U4DoCPU= =SXnC -----END PGP SIGNATURE-----