Information on source package fontforge

Available versions

ReleaseVersion
wheezy0.0.20120101+git-2
wheezy (security)0.0.20120101+git-2+deb7u1
jessie20120731.b-5
jessie (security)20120731.b-5+deb8u1
stretch (security)1:20161005~dfsg-4+deb9u1
buster1:20170731~dfsg-1
sid1:20170731~dfsg-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-11573vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableFontForge 20161012 is vulnerable to a buffer over-read in ...
CVE-2017-11570vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableFontForge 20161012 is vulnerable to a buffer over-read in umodenc ...

Resolved issues

BugDescription
CVE-2017-11577FontForge 20161012 is vulnerable to a buffer over-read in getsid ...
CVE-2017-11576FontForge 20161012 does not ensure a positive size in a weight vector ...
CVE-2017-11575FontForge 20161012 is vulnerable to a buffer over-read in strnmatch ...
CVE-2017-11574FontForge 20161012 is vulnerable to a heap-based buffer overflow in ...
CVE-2017-11572FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...
CVE-2017-11571FontForge 20161012 is vulnerable to a stack-based buffer overflow in ...
CVE-2017-11569FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...
CVE-2017-11568FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...
CVE-2010-4259Stack-based buffer overflow in FontForge 20100501 allows remote ...

Security announcements

DSA / DLADescription
DSA-3958-1fontforge - security update
DSA-3958-1fontforge - security update
DLA-1065-1fontforge - security update
DSA-2253-1fontforge - buffer overflow

Search for package or bug name: Reporting problems