ubuntu/+source/libxfont:applied/ubuntu/precise-security

Last commit made on 2015-03-18
Get this branch:
git clone -b applied/ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/libxfont
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/precise-security
Repository:
lp:ubuntu/+source/libxfont

Recent commits

5053c5c... by Marc Deslauriers on 2015-03-18

Import patches-applied version 1:1.4.4-1ubuntu0.3 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 8a356fdcb1e522ce708833822797fe36fe44e5e7
Unapplied parent: 70f816870529b36f2c56f5177df60864b07de36f

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

70f8168... by Marc Deslauriers on 2015-03-18

Import patches-unapplied version 1:1.4.4-1ubuntu0.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e5847993956f5f57e9b3b0ae232b566110c60b6b

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

8a356fd... by Marc Deslauriers on 2014-05-13

Import patches-applied version 1:1.4.4-1ubuntu0.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a9677be16c98c8671fe301f2f8bdc90c6eb1cd98
Unapplied parent: e5847993956f5f57e9b3b0ae232b566110c60b6b

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211

e584799... by Marc Deslauriers on 2014-05-13

Import patches-unapplied version 1:1.4.4-1ubuntu0.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 685bb9e3ff4a0e7071679d27d913cf62fb073154

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211

a9677be... by Marc Deslauriers on 2013-12-30

Import patches-applied version 1:1.4.4-1ubuntu0.1 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 9279851db1e78075fcb6cfc9e26f7f6ad4c2d7cf
Unapplied parent: 685bb9e3ff4a0e7071679d27d913cf62fb073154

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462

685bb9e... by Marc Deslauriers on 2013-12-30

Import patches-unapplied version 1:1.4.4-1ubuntu0.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 9b53e894a8f4e75306533d59d6bec6319d372f4f

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462

9279851... by Cyril Brulebois on 2011-08-11

Import patches-applied version 1:1.4.4-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: f57f66ebc03a8031ab645980388b49338a7bdfa4
Unapplied parent: 9b53e894a8f4e75306533d59d6bec6319d372f4f

New changelog entries:
  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
       that is used to open untrusted font files. With X server, this may
       allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.

9b53e89... by Cyril Brulebois on 2011-08-11

Import patches-unapplied version 1:1.4.4-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ac010e6bd79f641aa360142589eb3c53a6825be9

New changelog entries:
  [ Julien Cristau ]
  * Drop Pre-Depends on x11-common (only needed for upgrades from the
    monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
  [ Cyril Brulebois ]
  * New upstream release:
    - LZW decompress: fix for CVE-2011-2895. From the commit message:
      “Specially crafted LZW stream can crash an application using libXfont
       that is used to open untrusted font files. With X server, this may
       allow privilege escalation when exploited.”
  * Set urgency to “high” accordingly.
  * Update debian/copyright from upstream COPYING.
  * Bump xorg-sgml-doctools build-dep.
  * Drop xorg.css from .install, no longer shipped upstream.

f57f66e... by Cyril Brulebois on 2011-02-05

Import patches-applied version 1:1.4.3-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 135a93ba72cb24964b2815ae443b63c7ff176e02
Unapplied parent: ac010e6bd79f641aa360142589eb3c53a6825be9

New changelog entries:
  * Upload to unstable.

ac010e6... by Cyril Brulebois on 2011-02-05

Import patches-unapplied version 1:1.4.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d21de72de58121fb125a598fac84d5693ccaf2b3

New changelog entries:
  * Upload to unstable.