Marius,

Marius Bakke 写道：
> The 'freetype' package is vulnerable to CVE-2020-15999.

Oh dear.  'Thanks' for breaking the news.

> I'm busy for a couple of days and won't be able to work on it in 
> time.
> Volunteers wanted!

It feels like it shouldn't work (what with the different .so 
version & all) but I've been unable to break a ghostscript grafted 
to use 2.10.4.

I'm currently reconfiguring my system with it; if it works, I'll 
push it.

Whatever happens, I won't have time to apply the core-updates half 
tonight.

> Forwarding a message from oss-security, we may have to patch 
> Ghostscript
> as well:

I don't know enough about FT/GS's internals to really understand 
what's going on, but being a C(ompile-time) macro, this *could* be 
safe to graft, right?

Kind regards,

T G-R