[ubuntu/plucky-security] fonttools 4.55.3-2ubuntu0.25.04.1 (Accepted)
Nick Galanis
nick.galanis at canonical.com
Tue Dec 9 16:44:58 UTC 2025
fonttools (4.55.3-2ubuntu0.25.04.1) plucky-security; urgency=medium
* SECURITY UPDATE: Arbitrary File Write and XML injection
in fontTools.varLib
- debian/patches/CVE-2025-66034.patch: varLib: only use
the basename(vf.filename).
- CVE-2025-66034
Date: 2025-12-09 12:49:38.558594+00:00
Changed-By: Nick Galanis <nick.galanis at canonical.com>
https://launchpad.net/ubuntu/+source/fonttools/4.55.3-2ubuntu0.25.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list