Ubuntu
libxfont package

Change logs for libxfont source package in Precise

  1. Precise (12.04)
  2. Change log 
  • libxfont (1:1.4.4-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exection via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
 -- Marc Deslauriers <email address hidden>   Wed, 18 Mar 2015 07:33:04 -0400
  • libxfont (1:1.4.4-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211
 -- Marc Deslauriers <email address hidden>   Tue, 13 May 2014 12:30:10 -0400
  • libxfont (1:1.4.4-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462
 -- Marc Deslauriers <email address hidden>   Mon, 30 Dec 2013 17:37:41 -0500
  • libxfont (1:1.4.4-1) unstable; urgency=high

  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
       that is used to open untrusted font files.  With X server, this may
       allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.
 -- Timo Aaltonen <email address hidden>   Thu, 11 Aug 2011 11:17:16 +0200