Marius, Marius Bakke 写道: > The 'freetype' package is vulnerable to CVE-2020-15999. Oh dear. 'Thanks' for breaking the news. > I'm busy for a couple of days and won't be able to work on it in > time. > Volunteers wanted! It feels like it shouldn't work (what with the different .so version & all) but I've been unable to break a ghostscript grafted to use 2.10.4. I'm currently reconfiguring my system with it; if it works, I'll push it. Whatever happens, I won't have time to apply the core-updates half tonight. > Forwarding a message from oss-security, we may have to patch > Ghostscript > as well: I don't know enough about FT/GS's internals to really understand what's going on, but being a C(ompile-time) macro, this *could* be safe to graft, right? Kind regards, T G-R