Branches for Trusty

Name Status Last Modified Last Commit
lp:ubuntu/trusty/libxfont 2 Mature 2014-01-07 17:51:29 UTC
33. * New upstream release + CVE-2013-6...

Author: Julien Cristau
Revision Date: 2014-01-07 17:51:29 UTC

* New upstream release
  + CVE-2013-6462: unlimited sscanf overflows stack buffer in
    bdfReadCharacters()
* Don't put dbg symbols from the udeb in the dbg package.
* dev package is no longer Multi-Arch: same (closes: #720026).
* Disable support for connecting to a font server. That code is horrible and
  full of holes.

lp:ubuntu/trusty-security/libxfont 2 Mature 2015-03-18 07:32:09 UTC
35. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:32:09 UTC

* SECURITY UPDATE: arbitrary code execution via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804
* Backport some commits from git to solve ftbfs with newer fontsproto:
  - debian/patches/ftbfs-new-fontsproto.patch
  - debian/patches/ftbfs-new-fontsproto-2.patch

lp:ubuntu/trusty-updates/libxfont 2 Mature 2015-03-18 07:32:09 UTC
35. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:32:09 UTC

* SECURITY UPDATE: arbitrary code execution via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804
* Backport some commits from git to solve ftbfs with newer fontsproto:
  - debian/patches/ftbfs-new-fontsproto.patch
  - debian/patches/ftbfs-new-fontsproto-2.patch

lp:ubuntu/trusty-proposed/libxfont 1 Development 2014-01-07 19:14:22 UTC
33. * New upstream release + CVE-2013-6...

Author: Julien Cristau
Revision Date: 2014-01-07 17:51:29 UTC

* New upstream release
  + CVE-2013-6462: unlimited sscanf overflows stack buffer in
    bdfReadCharacters()
* Don't put dbg symbols from the udeb in the dbg package.
* dev package is no longer Multi-Arch: same (closes: #720026).
* Disable support for connecting to a font server. That code is horrible and
  full of holes.
