[ubuntu/questing-updates] fonttools 4.55.3-2ubuntu0.25.10.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Dec 9 19:28:17 UTC 2025
fonttools (4.55.3-2ubuntu0.25.10.1) questing-security; urgency=medium
* SECURITY UPDATE: Arbitrary File Write and XML injection
in fontTools.varLib
- debian/patches/CVE-2025-66034.patch: varLib: only use
the basename(vf.filename).
- CVE-2025-66034
Date: 2025-12-09 13:00:11.469881+00:00
Changed-By: Nick Galanis <nick.galanis at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/fonttools/4.55.3-2ubuntu0.25.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list