ubuntu/+source/libxfont:applied/ubuntu/trusty-security

Last commit made on 2017-11-29
Get this branch:
git clone -b applied/ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/libxfont

Branch information

Name: applied/ubuntu/trusty-security
Repository: lp:ubuntu/+source/libxfont

Recent commits

1523a51... by Marc Deslauriers on 2017-11-29

Import patches-applied version 1:1.4.7-1ubuntu0.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0b4c1d0bfbae6a5c9e748270a626ccd57fa35a92
Unapplied parent: 626f0e70deef52ddbb3397d11beb3456de230f2c

New changelog entries:
  * SECURITY UPDATE: non-privileged arbitrary file access
    - debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font
      file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c.
    - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
      src/fontfile/dirfile.c, src/fontfile/fileio.c.
    - CVE-2017-16611

626f0e7... by Marc Deslauriers on 2017-11-29

Import patches-unapplied version 1:1.4.7-1ubuntu0.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c051ae1b611e37df8dfa79172d3bd02e4c29f4d9

New changelog entries:
  * SECURITY UPDATE: non-privileged arbitrary file access
    - debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font
      file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c.
    - debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
      src/fontfile/dirfile.c, src/fontfile/fileio.c.
    - CVE-2017-16611

0b4c1d0... by Marc Deslauriers on 2017-10-06

Import patches-applied version 1:1.4.7-1ubuntu0.3 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 95b3d2cce93dac82605e2f67e77f53f399d130e0
Unapplied parent: c051ae1b611e37df8dfa79172d3bd02e4c29f4d9

New changelog entries:
  * SECURITY UPDATE: invalid memory read in PatternMatch
    - debian/patches/CVE-2017-13720.patch: check for end of string in
      src/fontfile/fontdir.c.
    - CVE-2017-13720
  * SECURITY UPDATE: DoS or info leak via malformed PCF file
    - debian/patches/CVE-2017-13722.patch: check string boundaries in
      src/bitmap/pcfread.c.
    - CVE-2017-13722

c051ae1... by Marc Deslauriers on 2017-10-06

Import patches-unapplied version 1:1.4.7-1ubuntu0.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 043be31101122c51f375ece24f86548537d56740

New changelog entries:
  * SECURITY UPDATE: invalid memory read in PatternMatch
    - debian/patches/CVE-2017-13720.patch: check for end of string in
      src/fontfile/fontdir.c.
    - CVE-2017-13720
  * SECURITY UPDATE: DoS or info leak via malformed PCF file
    - debian/patches/CVE-2017-13722.patch: check string boundaries in
      src/bitmap/pcfread.c.
    - CVE-2017-13722

95b3d2c... by Marc Deslauriers on 2015-03-18

Import patches-applied version 1:1.4.7-1ubuntu0.2 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 31959e0f05b9a63bfbfb0b07813abecbd37ba9d0
Unapplied parent: 043be31101122c51f375ece24f86548537d56740

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
  * Backport some commits from git to solve ftbfs with newer fontsproto:
    - debian/patches/ftbfs-new-fontsproto.patch
    - debian/patches/ftbfs-new-fontsproto-2.patch

043be31... by Marc Deslauriers on 2015-03-18

Import patches-unapplied version 1:1.4.7-1ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: da3172040fa3a1937f3478251b12197421788679

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
  * Backport some commits from git to solve ftbfs with newer fontsproto:
    - debian/patches/ftbfs-new-fontsproto.patch
    - debian/patches/ftbfs-new-fontsproto-2.patch

31959e0... by Marc Deslauriers on 2014-05-13

Import patches-applied version 1:1.4.7-1ubuntu0.1 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2943876436e7cdf9f5ea72770bd8f086aedb882e
Unapplied parent: da3172040fa3a1937f3478251b12197421788679

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211

da31720... by Marc Deslauriers on 2014-05-13

Import patches-unapplied version 1:1.4.7-1ubuntu0.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 05c9f70de42c9f3635447a43560b9e4d754b8221

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211

2943876... by Julien Cristau on 2014-01-07

Import patches-applied version 1:1.4.7-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5181030d23fc44d8e59f4ed0e543eb683b81ea86
Unapplied parent: 05c9f70de42c9f3635447a43560b9e4d754b8221

New changelog entries:
  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible and
    full of holes.

05c9f70... by Julien Cristau on 2014-01-07

Import patches-unapplied version 1:1.4.7-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9366b44d71d5183b688d6c0ff98814cf434514ea

New changelog entries:
  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible and
    full of holes.