From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by sourceware.org (Postfix) with ESMTPS id 226AE3858402 for ; Sat, 9 Mar 2024 19:42:30 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 226AE3858402 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=SystematicSW.ab.ca ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 226AE3858402 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=216.40.44.17 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710013353; cv=none; b=ZYSjhKtZURrBsUC4VHzZ0ONGnrHNDUOA/61coPOL5kKXWRuVdD43siYLsFm8pQbxN7UdOkuutglPZvTdxsGnWbQTdL6fRl9fSTx6mf9hfesZkgNpPtDWwcLEGSunzDzPoaz+Mz+gl+BfXmdJvDbj80/IU1EiqUCwHFSIsEZIfHs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710013353; c=relaxed/simple; bh=qQgUTt92+NCE3m8BJ5Rehm+A+eAMdV50RQGV72XfHIU=; h=Message-ID:Date:MIME-Version:Subject:To:From; b=U4hBoKulCYT7gsNA+z4rfWJfmWyGp10Zf4ZDm7ei2S3I5quIaEgQt1TwvRXPowhdpfxDYql8U/u9n8DP55QHnDbUgMFPmTB6Er4UnbxS9aROx29oROnddcY+vbnR6wR8ibXzymUkR165d5amdc+dXOtlX7vkWW5w9Jp59VjWUrc= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from omf05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 7C772160581 for ; Sat, 9 Mar 2024 19:42:29 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: Brian.Inglis@SystematicSW.ab.ca) by omf05.hostedemail.com (Postfix) with ESMTPA id 2CB9A2000D for ; Sat, 9 Mar 2024 19:42:28 +0000 (UTC) Message-ID: Date: Sat, 9 Mar 2024 12:42:27 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [ATTN: Maintainers] oss-sec: Vulnerabilities in FontTools & FontForge Reply-To: cygwin-apps@cygwin.com Content-Language: en-CA To: Cygwin Apps From: Brian Inglis Organization: Systematic Software Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2CB9A2000D X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Stat-Signature: eui76zwr3fys3ew8p3s4pm5txcy44gzd X-Rspamd-Server: rspamout01 X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361 X-Session-ID: U2FsdGVkX1/1/3G56N4WYQ9JJ3N3RY+VJA+CpFJftno= X-HE-Tag: 1710013348-938262 X-HE-Meta: U2FsdGVkX19mF8n7RFQI93CyV4afYFLCPkSjPSaBXXUW85ry862CFYGjaG/KJU2vDIsbZ/KV3XW61uupOwcq+3CUJECDmnSx7CyeH93GkXA5Frp8yJs8D+DA+VyZpcfuSgrjzU2XaDYLp6oKlKZe1uTbWpfNCFcOgl21njfQ/5CNOT0ft2VtfbJQQq2TzvI8iNkUVVHth+Zh9HppWZc3NACx6beg0+SjOqb6Sx3DU0TeKfU3Q2mQ0nmjKngdFfhsrxwp8yW+AG/GKsxy4/NWL7ooJTZzrCU8ssB2NtsfZi0NxZhu403flge3WB8uQf6ouMP3XsQvStQZ7B1vpTFeWc48V9psKV89BE9RqcOLXm/oe6B5jjOrn6yloO60EXl2zzQ8SaoI/MWcKlyB4/FaFYwJb5fgmqbBpMB6YYmwUaS4TIdtbSek+AsoIOdxVXMlmh+GhkxcxEDZ77Uar18/0w3LxZfR7bydfcuoXCNqzE4= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/ https://seclists.org/oss-sec/2024/q1/195 https://github.com/fonttools/fonttools/releases/tag/4.43.0 https://github.com/fontforge/fontforge/pull/5367 -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry