fontforge: CVE-2020-5395, CVE-2020-5496 #88557
Motivation for this change
See the commit message for reasoning.
This needs to be backported to
These CVEs have two different issues being tagged as 'Exploit'.

CVE-2020-5395 : fontforge/fontforge#4084
CVE-2020-5496 : fontforge/fontforge#4085

Both issues refer to  as a fix, so I guess this patch fixes it.

https://nvd.nist.gov/vuln/detail/CVE-2020-5395
https://nvd.nist.gov/vuln/detail/CVE-2020-5496
fontforge/fontforge@048a91e
Fixed the https URL.
We use fetchurl, as we are building from the release tarball, not from source. I'm not satisfied with the situation but it's non-trivial to fix, as the release tarball contains more than just the sources. I'm working on a PR that fixes the issue and upgrades to