-
libxfont (1:2.0.3-1) unstable; urgency=medium
* Add Matthieu Herrb's key to d/u/signing-key.asc
* New upstream release.
+ Open files with O_NOFOLLOW. (CVE-2017-16611)
* Update package metadata for move to salsa.
-- Julien Cristau <email address hidden> Sun, 18 Mar 2018 16:35:45 +0100
-
libxfont (1:2.0.1-4ubuntu1) bionic; urgency=medium
* SECURITY UPDATE: non-privileged arbitrary file access
- src/fontfile/dirfile.c, src/fontfile/fileio.c: open files with
O_NOFOLLOW.
- CVE-2017-16611
-- Marc Deslauriers <email address hidden> Wed, 29 Nov 2017 15:10:48 -0500
-
libxfont (1:2.0.1-4) unstable; urgency=high
* Check for end of string in PatternMatch (CVE-2017-13720)
* pcfGetProperties: Check string boundaries (CVE-2017-13722)
-- Julien Cristau <email address hidden> Fri, 06 Oct 2017 22:19:41 +0200
-
libxfont (1:2.0.1-3ubuntu1) artful; urgency=medium
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 10:03:20 -0400
