Change logs for libxfont source package in Zesty

libxfont (1:2.0.1-3ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: non-privileged arbitrary file access
    - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
      src/fontfile/dirfile.c, src/fontfile/fileio.c.
    - CVE-2017-16611

 -- Marc Deslauriers <email address hidden>  Tue, 28 Nov 2017 14:44:35 -0500

libxfont (1:2.0.1-3ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: invalid memory read in PatternMatch
    - debian/patches/CVE-2017-13720.patch: check for end of string in
      src/fontfile/fontdir.c.
    - CVE-2017-13720
  * SECURITY UPDATE: DoS or info leak via malformed PCF file
    - debian/patches/CVE-2017-13722.patch: check string boundaries in
      src/bitmap/pcfread.c.
    - CVE-2017-13722

 -- Marc Deslauriers <email address hidden>  Fri, 06 Oct 2017 11:43:22 -0400

libxfont (1:2.0.1-3) unstable; urgency=medium

  [ Andreas Boll ]
  * Remove dh-autoreconf build-dep. Not needed with debhelper 10.
  * Remove obsolete Conflicts from pre-wheezy.
  * Update a bunch of URLs in packaging to https.
  * Remove superfluous --libdir from dh_auto_configure. Not needed with
    debhelper compat level >= 9.

 -- Timo Aaltonen <email address hidden>  Thu, 24 Nov 2016 21:27:58 +0200

libxfont (1:2.0.1-2) unstable; urgency=medium

  * Switch to -dbgsym packages.
  * Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
    they are enabled by default now.
  * Upload to unstable.

 -- Emilio Pozuelo Monfort <email address hidden>  Tue, 22 Nov 2016 23:50:03 +0100

libxfont (1:1.5.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * Use https URL in watch file.
  * Add Adam Jackson's key to debian/upstream/signing-key.asc.
  * Bump Standards-Version to 3.9.8.
  * Use https URLs in Vcs-* control fields.
  * Remove Drew from Uploaders.

 -- Julien Cristau <email address hidden>  Sat, 24 Sep 2016 12:46:32 +0200

libxfont (1:1.5.1-1) unstable; urgency=high


  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau <email address hidden>  Tue, 17 Mar 2015 16:55:21 +0100