lp:ubuntu/lucid-security/libxfont

Created by Ubuntu Package Importer on 2011-08-31 and last modified on 2015-03-18
Get this branch:
bzr branch lp:ubuntu/lucid-security/libxfont
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

27. By Marc Deslauriers on 2015-03-18

* SECURITY UPDATE: arbitrary code exection via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

26. By Marc Deslauriers on 2014-05-13

* SECURITY UPDATE: denial of service and possible code execution via
  font metadata file parsing
  - debian/patches/CVE-2014-0209.patch: check for overflows in
    src/fontfile/dirfile.c, src/fontfile/fontdir.c.
  - CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
  xfs font server replies
  - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
    src/fc/fsconvert.c, src/fc/fserve.c.
  - CVE-2014-0210
  - CVE-2014-0211

25. By Marc Deslauriers on 2013-12-30

* SECURITY UPDATE: denial of service and possible code execution via
  stack overflow
  - debian/patches/CVE-2013-6462.patch: limit sscanf field in
    src/bitmap/bdfread.c.
  - CVE-2013-6462

24. By Marc Deslauriers on 2011-08-11

* SECURITY UPDATE: arbitrary code execution via overflow
  - debian/patches/CVE-2011-2895.patch: check remaining length in
    src/fontfile/decompress.c.
  - CVE-2011-2895

23. By Julien Cristau on 2009-12-02

* New upstream release.
* Bump xutils-dev build-dep for new util-macros.
* Build documentation, install it in libxfont-dev.
* Enable support for bzip2 compressed bitmap fonts.
* Don't use LDFLAGS from the environment. Ubuntu sets that to
  -Bsymbolic-functions, which breaks libXfont's weak symbols usage.

22. By StefanPotyra on 2009-05-09

* Rebase to unstable, remaining change:
  + debian/rules: unset LDFLAGS to not be hit by -Bsymbolic-functions,
    as libxfont contains weak symbols which are meant to be overriden
    (cf. LP #226156).

21. By StefanPotyra on 2008-08-23

Merge from unstable (LP: #260727), remaining change:
debian/rules: explicitely unset LDFLAGS in order to avoid that
"-Bsymbolic-functions" will get set: libxfont contains a number
of weak symbols, which are meant to be overridden (cf. LP 226156).

20. By StefanPotyra on 2008-05-13

* debian/rules: Explicetly use empty LDFLAGS, closes LP: #226156.
* debian/control: Mangle Maintainer field according to spec.

19. By Julien Cristau on 2008-03-07

* New upstream release
* Drop CVE-2008-0006.diff, included upstream.

18. By Julien Cristau on 2008-01-17

* High urgency upload for security fix.
* Fix a buffer overflow in the PCF font parser (CVE-2008-0006).
* debian/control updates
  + add myself to Uploaders, and remove Branden and Fabio with their
    permission
  + s/^XS-Vcs/Vcs/
  + bump Standards-Version to 3.7.3 (no changes)
  + libxfont1 is Section: libs
  + libxfont-dev and libxfont1-dbg are Section: libdevel

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/libxfont
This branch contains Public information 
Everyone can see this information.

Subscribers