[SECURITY] [DSA 2253-1] fontforge security update

ID DEBIAN:DSA-2253-1:708B8
Type debian
Reporter Debian
Modified 2011-06-03T19:42:53


Debian Security Advisory DSA-2253-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst June 3, 2011 http://www.debian.org/security/faq

Package : fontforge Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2010-4259 Debian Bug : 605537

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.

For the oldstable distribution (lenny), this problem has been fixed in version 0.0.20080429-1+lenny2.

For the stable distribution (squeeze), testing distribution (wheezy), and unstable distribution (sid) are not affected by this problem.

We recommend that you upgrade your fontforge packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org