lp:ubuntu/lucid-security/libxfont

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/libxfont

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

27. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

26. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

25. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  stack overflow
  - debian/patches/CVE-2013-6462.patch: limit sscanf field in
    src/bitmap/bdfread.c.
  - CVE-2013-6462

24. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via overflow
  - debian/patches/CVE-2011-2895.patch: check remaining length in
    src/fontfile/decompress.c.
  - CVE-2011-2895

23. By Julien Cristau

* New upstream release.
* Bump xutils-dev build-dep for new util-macros.
* Build documentation, install it in libxfont-dev.
* Enable support for bzip2 compressed bitmap fonts.
* Don't use LDFLAGS from the environment. Ubuntu sets that to
  -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

22. By StefanPotyra

* Rebase to unstable, remaining change:
  + debian/rules: unset LDFLAGS to not be hit by -Bsymbolic-functions,
    as libxfont contains weak symbols which are meant to be overridden
    (cf. LP #226156).

21. By StefanPotyra

Merge from unstable (LP: #260727), remaining change:
debian/rules: explicitly unset LDFLAGS in order to avoid that
"-Bsymbolic-functions" will get set: libxfont contains a number
of weak symbols, which are meant to be overridden (cf. LP 226156).

20. By StefanPotyra

* debian/rules: Explicitly use empty LDFLAGS, closes LP: #226156.
* debian/control: Mangle Maintainer field according to spec.

19. By Julien Cristau

* New upstream release
* Drop CVE-2008-0006.diff, included upstream.

18. By Julien Cristau

* High urgency upload for security fix.
* Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
* debian/control updates
  + add myself to Uploaders, and remove Branden and Fabio with their
    permission
  + s/^XS-Vcs/Vcs/
  + bump Standards-Version to 3.7.3 (no changes)
  + libxfont1 is Section: libs
  + libxfont-dev and libxfont1-dbg are Section: libdevel

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/libxfont