ELA-856-1 freetype security update

segmentation violation

Version2.5.2-3+deb8u6 (jessie), 2.6.3-3.2+deb9u3 (stretch)
Related CVEs CVE-2022-27405 CVE-2022-27406

Two issues have been found in freetype, a FreeType 2 font engine. Both issues are related to segmentation violations in different functions: ft_open_face_internal() and FT_Request_Size().

For Debian 8 jessie, these problems have been fixed in version 2.5.2-3+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 2.6.3-3.2+deb9u3.

We recommend that you upgrade your freetype packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.