libxfont1 (1:1.5.2-4ubuntu0.2) zesty-security; urgency=medium * SECURITY UPDATE: non-privileged arbitrary file access - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in src/fontfile/dirfile.c, src/fontfile/fileio.c. - CVE-2017-16611 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 14:48:54 -0500