freetype-devel

[ft-devel] Bugging package maintainers to update their FreeType packages


From: Nikolaus Waxweiler
Subject: [ft-devel] Bugging package maintainers to update their FreeType packages sooner?
Date: Wed, 17 Feb 2016 15:34:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

Hey list,
so Bungeman was commenting on my plea to update Ubuntu's package to
2.6.3 (https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1521299):

> I would argue this is more than just "wishlist". In FreeType 2.6 an
> actual thread safety model was introduced making FreeType no longer
> thread antagonistic. Also, between 2.6 and 2.6.2 FreeType was heavily
> fuzzed which resulted in a number of fixes, some of which may be of
> security interest but because they were not found as vulnerabilities
> they will probably never end up with CVE numbers. If Xenial ships
> with FreeType 2.5.2, I have no doubt that it will have already known
> but unpatched security issues for its entire life.

I concur, but so far, no response. The same goes for this plea on the Debian bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812518. I don't know the situation for other distros, but those are two big ones.

If anyone who is involved in packaging or knows the person doing it is reading this: please respond or talk to the package maintainer :)


