FreeType stuck on 2.5.2 in 16.04 (xenial), update to 2.6.3.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
freetype (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I was browsing the package versions of current Xenial and was horrified to find that FreeType is currently stuck un-updated from Trusty (2.5.2), and it appears time is running out in the schedule to update it. There are an enormous number of improvements in the newer versions of FreeType. Specifically, in 2.6 an actual thread safety model was introduced (FreeType is no longer thread antagonistic). Also, between 2.6 and 2.6.2 FreeType was heavily fuzzed which resulted in a number of fixes, some of which may be of security interest but because they were not found as vulnerabilities they will probably never end up with CVE numbers. I would highly recommend updating the version of FreeType in Xenial to 2.6.3.
Status changed to 'Confirmed' because the bug affects multiple users.