File _patchinfo of Package patchinfo.17349

<patchinfo incident="17349">
  <issue tracker="cve" id="2020-25690"/>
  <issue tracker="cve" id="2020-5395"/>
  <issue tracker="bnc" id="1178308">VUL-0: CVE-2020-25690: fontforge: insufficient backport of CVE-2020-5395</issue>
  <issue tracker="bnc" id="1160220">VUL-1: CVE-2020-5395: fontforge: use-after-free in SFD_GetFontMetaData in sfd.c</issue>
  <packager>qzhao</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for fontforge</summary>
  <description>This update for fontforge fixes the following issues:

- fix for Use-after-free (heap) in the SFD_GetFontMetaData() function and the crash (bsc#1178308 CVE-2020-25690).
</description>
</patchinfo>
openSUSE Build Service is sponsored by