libxfont (1:2.0.1-3ubuntu0.2) zesty-security; urgency=medium * SECURITY UPDATE: non-privileged arbitrary file access - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in src/fontfile/dirfile.c, src/fontfile/fileio.c. - CVE-2017-16611 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 14:44:35 -0500