[ubuntu/resolute-proposed] fonttools 4.57.0-3ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Dec 9 20:59:16 UTC 2025
fonttools (4.57.0-3ubuntu1) resolute; urgency=medium
* SECURITY UPDATE: Arbitrary File Write and XML injection
in fontTools.varLib
- debian/patches/CVE-2025-66034.patch: varLib: only use
the basename(vf.filename).
- CVE-2025-66034
Date: 2025-12-09 13:09:12.380371+00:00
Changed-By: Nick Galanis <nick.galanis at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/fonttools/4.57.0-3ubuntu1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list