vcswatch reports that this package seems to have a new changelog entry (version 4.51.0-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.
1 issue left for the package maintainer to handle:
CVE-2023-45139 (needs triaging):
fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.
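As an added illustration of the mitigation side of this CVE (not code from the tracker page or from fontTools itself), the following stdlib-only pre-check refuses any SVG table document that declares a DOCTYPE or an entity before it reaches a real XML parser, so no external entity can ever be resolved. Function names and both sample documents are constructed for this example.

```python
import xml.parsers.expat


class UnsafeSvgDocument(ValueError):
    """An SVG table document declared a DOCTYPE or an entity."""


def check_svg_has_no_entities(svg_text: str) -> bool:
    """Scan an SVG table document and refuse any DOCTYPE or entity declaration.

    Expat is used only as a scanner: the handlers raise on the first DOCTYPE
    or <!ENTITY ...> they see, so parsing stops before any reference could be
    expanded and no external resource is ever fetched.  Returns True when the
    document is clean; raises UnsafeSvgDocument otherwise.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeSvgDocument(f"DOCTYPE {name!r} is not allowed in an SVG table")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeSvgDocument(f"entity {name!r} declared (system id {sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(svg_text, True)  # raises ExpatError on malformed XML
    return True


def is_safe_svg_document(svg_text: str) -> bool:
    """Boolean wrapper: True if the document may be handed to a real parser."""
    try:
        return check_svg_has_no_entities(svg_text)
    except UnsafeSvgDocument:
        return False


# Constructed sample documents (hypothetical, not taken from any real font).
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" id="glyph1">'
    '<rect width="1" height="1"/></svg>'
)
# The shape CVE-2023-45139 describes: an external entity inside the SVG table.
# The system id is a placeholder path; the check aborts before it is touched.
EXTERNAL_ENTITY_SVG = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE svg [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/not-read">]>'
    '<svg xmlns="http://www.w3.org/2000/svg" id="glyph1">&ext;</svg>'
)
```

A malformed document still raises `xml.parsers.expat.ExpatError`, which a caller should treat as a rejection as well.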
Among the 1 Debian patch available in version 4.46.0-1 of the package, we noticed the following issues:
1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.