ELA-149-1 freetype security update

Fix buffer over-read

Package: freetype
Version: 2.4.9-1.1+deb7u8
Related CVE: CVE-2015-9290

In FreeType, a buffer over-read occurred in the function T1_Get_Private_Dict in type1/t1parse.c. The fix ensures that ‘cur’ in the parser code doesn’t point to the end of the file buffer.
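The guard described above, shown on a simplified cursor-based parser. This is an added illustration, not FreeType's source: the function name, result codes and sample inputs are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a cursor-based parser; not FreeType code. */
enum scan_result { SCAN_OK = 0, SCAN_NO_KEYWORD = -1, SCAN_TRUNCATED = -2 };

/* Find `keyword` in [base, base + size), skip the whitespace after it and
 * store the offset of the first data byte in *data_off.
 * Invariant: `cur` is only dereferenced while cur < limit. */
static int find_data_after_keyword(const unsigned char *base, size_t size,
                                   const char *keyword, size_t *data_off)
{
    const unsigned char *cur = base;
    const unsigned char *limit = base + size;  /* one past the last byte */
    size_t klen = strlen(keyword);

    /* Locate the keyword without comparing past limit. */
    for (;; cur++) {
        if ((size_t)(limit - cur) < klen)
            return SCAN_NO_KEYWORD;
        if (memcmp(cur, keyword, klen) == 0)
            break;
    }
    cur += klen;

    /* Skip whitespace; the loop condition itself stops at limit. */
    while (cur < limit &&
           (*cur == ' ' || *cur == '\t' || *cur == '\r' || *cur == '\n'))
        cur++;

    /* If cur reached the end of the buffer there is no data byte left,
     * so fail here instead of letting later code read *cur. */
    if (cur >= limit)
        return SCAN_TRUNCATED;

    *data_off = (size_t)(cur - base);
    return SCAN_OK;
}

int main(void)
{
    /* Constructed inputs: complete, truncated after keyword, no keyword. */
    const char *samples[] = { "currentfile eexec\nABCD", "currentfile eexec\n", "currentfile" };
    for (size_t i = 0; i < 3; i++) {
        size_t off = 0;
        int rc = find_data_after_keyword((const unsigned char *)samples[i],
                                         strlen(samples[i]), "eexec", &off);
        printf("sample %zu: rc=%d off=%zu\n", i, rc, off);
    }
    return 0;
}
```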

For Debian 7 Wheezy, this problem has been fixed in version 2.4.9-1.1+deb7u8.

We recommend that you upgrade your freetype packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/