Debian Security Advisory DSA-2253-1 email@example.com http://www.debian.org/security/ Thijs Kinkhorst June 3, 2011 http://www.debian.org/security/faq
Package : fontforge Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2010-4259 Debian Bug : 605537
Ulrik Persson reported a stack-based buffer overflow flaw in FontForge, a font editor. When processed a crafted Bitmap Distribution Format (BDF) FontForge could crash or execute arbitrary code with the privileges of the user running FontForge.
For the oldstable distribution (lenny), this problem has been fixed in version 0.0.20080429-1+lenny2.
For the stable distribution (squeeze), testing distribution (wheezy), and unstable distribution (sid) are not affected by this problem.
We recommend that you upgrade your fontforge packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: firstname.lastname@example.org