-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 22:56:38 +0200 Source: fontforge Binary: fontforge-common fontforge-doc Architecture: all Version: 1:20201107~dfsg-4+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Adrian Bunk Description: fontforge-common - font editor (common files) fontforge-doc - documentation for fontforge Closes: 1064967 Changes: fontforge (1:20201107~dfsg-4+deb11u1) bullseye-security; urgency=medium . * Non-maintainer upload. * CVE-2024-25081: Spline Font command injection via crafted filenames * CVE-2024-25082: Spline Font command injection via crafted archives or compressed files * Closes: #1064967 Checksums-Sha1: d734008f99cf1305fb4014423ef249b5e63668fe 2079176 fontforge-common_20201107~dfsg-4+deb11u1_all.deb 5cec2d27c482b92dfd89740c80e985bc81bd8d21 3602444 fontforge-doc_20201107~dfsg-4+deb11u1_all.deb fbd6cd60ae41e4406879d0a66898e537fc116e2c 16860 fontforge_20201107~dfsg-4+deb11u1_all-buildd.buildinfo Checksums-Sha256: 47016162fccdfd0716985bded165d32194599ee1a4a6b80144fdd822ea02e691 2079176 fontforge-common_20201107~dfsg-4+deb11u1_all.deb 1492c3da66e86d4d4c231c8177beacbcecc1cec97be85bf2ddde9dcd3ae044df 3602444 fontforge-doc_20201107~dfsg-4+deb11u1_all.deb 4dfb254bddaf7888e348fa91821a1cb9bfdc8f99903995f8c54954c2085a7d30 16860 fontforge_20201107~dfsg-4+deb11u1_all-buildd.buildinfo Files: 87510592f3c1987753fbc6689e2ee3fa 2079176 fonts optional fontforge-common_20201107~dfsg-4+deb11u1_all.deb 69335b62baaf629d3cb24249bb73f94f 3602444 doc optional fontforge-doc_20201107~dfsg-4+deb11u1_all.deb 8d5c05d09f9b158f9f730d6e3e99b185 16860 fonts optional fontforge_20201107~dfsg-4+deb11u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtzb3SVunlrB0F8t8ExOkVqF4GXMFAmX1k+sACgkQExOkVqF4 GXMAmxAAw8gNLzYQ8hM5mnY+JJngB8oT6VceAgS12gnaevT8sPjUivN7eLD6wSgb bR3cEJyoZNtwQeM1GUQMlu3sDK+Uta1zH/GRiUtBej7/ZYUGc/dF+25tzK+xzZLK IShNDN/lpz91i5VtmjSFHuC9GfQnuHMmsI3yFYi/j13yj5MSIaFfvlSjsUhHxy5C pnct27mRAE9Lqfn/avMGXYCgzjJO0nLBJ1A12YEbKwn/4opgkCGv9V7+cz+9B7Zl 068YHiQ4B3r/zIRNzWvlijUG0fBDVgAxcqQ6dsYx+INvIh6pFGYKFA2zhS75q/T8 lmGeVX2M2cTukOiMWocBPuCcxQ9eYPI3U2eJ4eC7Uizw5CLnOGE0IdeXCQIrK741 rleFFSobW8mNsirAKp9VW4jzmQcj30BchjOrHp7VETpzMRvNqttlhvPkNLA77oux AbiNhbPS/LkzlUDEpNR7C3zEjz80YTskBGvQAy4w+ZuUXIyUIcVzKAX3XXKqZnzx qKvljosMAw9m6Pm5yfzlCTTRONCaYLqH7iwBjGe9Ta6goXJgDiWOBMCcyeIhHtPu xSvHzFcYUCMCiEC/bYl/1wnfCATpEBCRMr/xwPKE+Wf4+CEa/tXdOlz1DvScurNL yw6GNxleijQhJr6HD4Q0gdntccQWX/hlYkEw9KL7Zarb1WMJ34w= =ad+E -----END PGP SIGNATURE-----