Bugzilla – Bug 1079459
libfreetype6 2.7.1 CVE-2017-8105 CVE-2017-8287
Last modified: 2018-02-06 07:10:05 UTC
The current version of libfreetype6 being used in Tumbleweed contains a couple of CVEs and is also pretty outdated. Please update libfreetype6 to 2.9. Sorry if this is not the proper place to report this, but I don't see any way to flag packages as outdated.
CVE-2017-8105, CVE-2017-8287: Older FreeType versions have out-of-bounds writes caused by heap-based buffer overflows related to Type 1 fonts.
Already in bug 1036457, bug 1035807. Pinging maintainer there...