-
libxfont (1:2.0.1-3ubuntu0.2) zesty-security; urgency=medium
* SECURITY UPDATE: non-privileged arbitrary file access
- debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
src/fontfile/dirfile.c, src/fontfile/fileio.c.
- CVE-2017-16611
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 14:44:35 -0500
-
libxfont (1:2.0.1-3ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 11:43:22 -0400
-
libxfont (1:2.0.1-3) unstable; urgency=medium
[ Andreas Boll ]
* Remove dh-autoreconf build-dep. Not needed with debhelper 10.
* Remove obsolete Conflicts from pre-wheezy.
* Update a bunch of URLs in packaging to https.
* Remove superfluous --libdir from dh_auto_configure. Not needed with
debhelper compat level >= 9.
-- Timo Aaltonen <email address hidden> Thu, 24 Nov 2016 21:27:58 +0200
-
libxfont (1:2.0.1-2) unstable; urgency=medium
* Switch to -dbgsym packages.
* Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
they are enabled by default now.
* Upload to unstable.
-- Emilio Pozuelo Monfort <email address hidden> Tue, 22 Nov 2016 23:50:03 +0100
-
libxfont (1:1.5.2-1) unstable; urgency=medium
* Team upload.
* New upstream release.
* Use https URL in watch file.
* Add Adam Jackson's key to debian/upstream/signing-key.asc.
* Bump Standards-Version to 3.9.8.
* Use https URLs in Vcs-* control fields.
* Remove Drew from Uploaders.
-- Julien Cristau <email address hidden> Sat, 24 Sep 2016 12:46:32 +0200
-
libxfont (1:1.5.1-1) unstable; urgency=high
* New upstream release
+ bdfReadProperties: property count needs range check [CVE-2015-1802]
+ bdfReadCharacters: bailout if a char's bitmap cannot be read
[CVE-2015-1803]
+ bdfReadCharacters: ensure metrics fit into xCharInfo struct
[CVE-2015-1804]
-- Julien Cristau <email address hidden> Tue, 17 Mar 2015 16:55:21 +0100