Login
Newsletter
Werbung

Sicherheit: XML External Entity-Verarbeitung in fonttools
Aktuelle Meldungen Distributionen
Name: XML External Entity-Verarbeitung in fonttools
ID: FEDORA-2024-6d1d9f70d2
Distribution: Fedora
Plattformen: Fedora 39
Datum: Do, 25. Januar 2024, 06:48
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45139
Applikationen: fonttools

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2024-6d1d9f70d2
2024-01-25 00:38:48.210927
-------------------------------------------------------------------------------
-

Name : fonttools
Product : Fedora 39
Version : 4.43.1
Release : 1.fc39
URL : https://github.com/fonttools/fonttools/
Summary : Tools to manipulate font files
Description :

fontTools is a library for manipulating fonts, written in Python. The project
includes the TTX tool, that can convert TrueType and OpenType fonts to and
from an XML text format, which is also called TTX. It supports TrueType,
OpenType, AFM and to an extent Type 1 and some Mac-specific formats.

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2023-45139
-------------------------------------------------------------------------------
-
ChangeLog:

* Sun Oct 8 2023 Parag Nemade <pnemade AT redhat DOT com> - 4.43.1-1
- Update to 4.43.1 version (#2241574)
* Tue Aug 22 2023 Parag Nemade <pnemade AT redhat DOT com> - 4.42.1-1
- Update to 4.42.1 version (#2232931)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #2257808 - CVE-2023-45139 fonttools: XML External Entity Injection
(XXE) Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2257808
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6d1d9f70d2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung