[Pkg-fonts-devel] Bug#948231: fontforge: CVE-2020-5395 CVE-2020-5496

Markus Koschany apo at debian.org
Sun Jan 5 17:05:35 GMT 2020


Package: fontforge
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for fontforge.

CVE-2020-5395[0]:
| FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in
| sfd.c.


CVE-2020-5496[1]:
| FontForge 20190801 has a heap-based buffer overflow in the
| Type2NotDefSplines() function in splinesave.c.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-5395
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5395
[1] https://security-tracker.debian.org/tracker/CVE-2020-5496
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5496

Please adjust the affected versions in the BTS as needed.

Regards,

Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-fonts-devel/attachments/20200105/37b133b3/attachment.sig>
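The report asks that the fixing upload name both CVE ids in its changelog entry. The following is an added example, not part of the bug report or of the fontforge package: a small POSIX sh check that extracts the most recent debian/changelog stanza and reports any expected CVE id that is missing from it. The changelog text, version number and maintainer address in it are constructed for the demonstration and do not describe a real upload.

```shell
# Added example (not from the bug report): verify that the top
# debian/changelog entry references every CVE id the upload is meant to close.

# CVE ids from the report
CVES="CVE-2020-5395 CVE-2020-5496"

# Constructed sample changelog: version, text and maintainer are hypothetical.
SAMPLE_CHANGELOG='fontforge (1:20190801-3) unstable; urgency=high

  * Fix use-after-free in SFD_GetFontMetaData (CVE-2020-5395).
  * Fix heap-based buffer overflow in Type2NotDefSplines
    (CVE-2020-5496).

 -- Example Maintainer <maint@example.org>  Sun, 05 Jan 2020 18:00:00 +0000

fontforge (1:20190801-2) unstable; urgency=medium

  * Previous upload.

 -- Example Maintainer <maint@example.org>  Mon, 02 Sep 2019 10:00:00 +0000
'

# top_entry FILE: print only the most recent changelog stanza.
# A stanza ends at its " -- Maintainer <addr>  date" trailer line.
top_entry() {
    awk '{ print } /^ -- /{ exit }' "$1"
}

# missing_cves FILE CVE...: print each CVE id absent from the top entry,
# return 0 when all are present and 1 when at least one is missing.
missing_cves() {
    file=$1
    shift
    rc=0
    entry=$(top_entry "$file")
    for cve in "$@"; do
        # -w matches whole tokens, so CVE-2020-539 does not satisfy CVE-2020-5395
        if ! printf '%s\n' "$entry" | grep -qw -- "$cve"; then
            echo "$cve"
            rc=1
        fi
    done
    return $rc
}

# Usage: run the check against the constructed sample.
tmpfile=$(mktemp)
printf '%s' "$SAMPLE_CHANGELOG" > "$tmpfile"
if missing_cves "$tmpfile" $CVES >/dev/null; then
    echo "top changelog entry references all CVE ids"
else
    echo "top changelog entry is missing CVE ids" >&2
fi
rm -f "$tmpfile"
```

Only the newest stanza is inspected on purpose: a CVE id that appears in an older entry says nothing about whether the current upload fixes it.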

