From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13]) by sourceware.org (Postfix) with ESMTPS id 4E7B53857008 for ; Tue, 20 Oct 2020 14:46:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 4E7B53857008 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from [192.168.1.104] ([24.64.172.44]) by shaw.ca with ESMTP id UsuEkAq7utdldUsuFkCc5a; Tue, 20 Oct 2020 08:46:31 -0600 X-Authority-Analysis: v=2.4 cv=INe8tijG c=1 sm=1 tr=0 ts=5f8ef847 a=kiZT5GMN3KAWqtYcXc+/4Q==:117 a=kiZT5GMN3KAWqtYcXc+/4Q==:17 a=IkcTkHD0fZMA:10 a=8VpDeP3kAAAA:8 a=5SMXx1T4AAAA:8 a=FP58Ms26AAAA:8 a=iMpC6L0jGsNNbTZxuiUA:9 a=QEXdDO2ut3YA:10 a=uar3UI-X7uIA:10 a=-E0vlWde17EA:10 a=YkDor_TC5ScA:10 a=x58pXJj3Pl9T3GLWE5Uy:22 a=EEcaLA7969R8ZOA5S7FC:22 Reply-To: cygwin-apps@cygwin.com Subject: libfreetype CVE FYI To: cygwin-apps@cygwin.com References: <3375f26a-9c09-9fba-387e-3ba07618eb9f@cornell.edu> From: Brian Inglis Autocrypt: addr=Brian.Inglis@SystematicSw.ab.ca; prefer-encrypt=mutual; keydata= mDMEXopx8xYJKwYBBAHaRw8BAQdAnCK0qv/xwUCCZQoA9BHRYpstERrspfT0NkUWQVuoePa0 LkJyaWFuIEluZ2xpcyA8QnJpYW4uSW5nbGlzQFN5c3RlbWF0aWNTdy5hYi5jYT6IlgQTFggA PhYhBMM5/lbU970GBS2bZB62lxu92I8YBQJeinHzAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAAAoJEB62lxu92I8Y0ioBAI8xrggNxziAVmr+Xm6nnyjoujMqWcq3oEhlYGAO WacZAQDFtdDx2koSVSoOmfaOyRTbIWSf9/Cjai29060fsmdsDLg4BF6KcfMSCisGAQQBl1UB BQEBB0Awv8kHI2PaEgViDqzbnoe8B9KMHoBZLS92HdC7ZPh8HQMBCAeIfgQYFggAJhYhBMM5 /lbU970GBS2bZB62lxu92I8YBQJeinHzAhsMBQkJZgGAAAoJEB62lxu92I8YZwUBAJw/74rF IyaSsGI7ewCdCy88Lce/kdwX7zGwid+f8NZ3AQC/ezTFFi5obXnyMxZJN464nPXiggtT9gN5 RSyTY8X+AQ== Organization: Systematic Software Message-ID: <38e606cc-4c32-5067-dc86-a9d22cc88311@SystematicSw.ab.ca> Date: Tue, 20 Oct 2020 08:46:29 -0600 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 MIME-Version: 1.0 In-Reply-To: <3375f26a-9c09-9fba-387e-3ba07618eb9f@cornell.edu> Content-Type: text/plain; charset=utf-8 Content-Language: en-CA Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfCUzlCOPWxA6e83ODo07l1fvwhMb0xcZXTLHnmRX/Tb8C2y6X46gg+tkZ3R/5shGeXb6ivaj9V4GwJ6b64MZmO8vdZpg+94C8f87ixI3nPe/3ErYE4wb m9B2IAPbSG2z1zF1/5HLyd93+D1mfb18+CwTTZZWaXRcw2B5h9nZXbY3e+paPL8bsSb7faAamZ6DM+m08OgEPg+GhADgGfjeBQs= X-Spam-Status: No, score=-6.3 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Oct 2020 14:46:33 -0000 In case you haven't seen it yet, from news feed: FreeType 2.10.4 Rushed Out As Emergency Security Release https://www.phoronix.com/scan.php?page=news_item&px=FreeType-2.10.4-Released links to: https://www.freetype.org/ "FreeType 2.10.4 2020-10-20 This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling (see here for more). All users should update immediately." links to: https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]