Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution , this problem has been fixed in version 2.2.1-5+etch4. For the stable distribution , this problem has been fixed in version 2.3.7-2+lenny1. For the testing distribution , this problem will be fixed soon. For the unstable distribution , this problem has been fixed in version 2.3.9-4.1. We recommend that you upgrade your freetype packages.