ubuntu/+source/libxfont:applied/ubuntu/utopic-updates

Last commit made on 2015-03-18
Get this branch:
git clone -b applied/ubuntu/utopic-updates https://git.launchpad.net/ubuntu/+source/libxfont
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/utopic-updates
Repository:
lp:ubuntu/+source/libxfont

Recent commits

55be409... by Marc Deslauriers on 2015-03-18

Import patches-applied version 1:1.4.99.901-1ubuntu0.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: c51801e73e486af8fdbfce1bc5fe598e09aded01
Unapplied parent: 9ac37bc08775cddcb7975c37bdc82d94e83a4589

New changelog entries:
  * SECURITY UPDATE: arbitrary code exection via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

9ac37bc... by Marc Deslauriers on 2015-03-18

Import patches-unapplied version 1:1.4.99.901-1ubuntu0.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 698a2b7f423756164929c95bfa57245f526af2b9

New changelog entries:
  * SECURITY UPDATE: arbitrary code exection via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

c51801e... by Julien Cristau on 2014-07-12

Import patches-applied version 1:1.4.99.901-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: e781fb19ce7f9b2b25edd446efbc78420443bed5
Unapplied parent: 698a2b7f423756164929c95bfa57245f526af2b9

New changelog entries:
  * New upstream release candidate.
    + includes the CVE-2014-{0209,0210,0211} patches
  * Remove Cyril from Uploaders.
  * Allow uscan to verify tarball signature.

698a2b7... by Julien Cristau on 2014-07-12

Import patches-unapplied version 1:1.4.99.901-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1166f427fea11d026b7463292e0d55d3a6e388c0

New changelog entries:
  * New upstream release candidate.
    + includes the CVE-2014-{0209,0210,0211} patches
  * Remove Cyril from Uploaders.
  * Allow uscan to verify tarball signature.

e781fb1... by Julien Cristau on 2014-05-13

Import patches-applied version 1:1.4.7-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 2943876436e7cdf9f5ea72770bd8f086aedb882e
Unapplied parent: 1166f427fea11d026b7463292e0d55d3a6e388c0

New changelog entries:
  * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
  * CVE-2014-0209: integer overflow of allocations in font metadata
  * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
  * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
  * Add breaks on xfs because we broke it by disabling font protocol support
    in 1.4.7.

1166f42... by Julien Cristau on 2014-05-13

Import patches-unapplied version 1:1.4.7-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 05c9f70de42c9f3635447a43560b9e4d754b8221

New changelog entries:
  * Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
  * CVE-2014-0209: integer overflow of allocations in font metadata
  * CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
  * CVE-2014-0211: integer overflows calculating memory needs for xfs replies
  * Add breaks on xfs because we broke it by disabling font protocol support
    in 1.4.7.

2943876... by Julien Cristau on 2014-01-07

Import patches-applied version 1:1.4.7-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 5181030d23fc44d8e59f4ed0e543eb683b81ea86
Unapplied parent: 05c9f70de42c9f3635447a43560b9e4d754b8221

New changelog entries:
  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible and
    full of holes.

05c9f70... by Julien Cristau on 2014-01-07

Import patches-unapplied version 1:1.4.7-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9366b44d71d5183b688d6c0ff98814cf434514ea

New changelog entries:
  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible and
    full of holes.

5181030... by Julien Cristau on 2013-08-12

Import patches-applied version 1:1.4.6-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a931f05930d5fa623395402e1a4112c2be3e64ce
Unapplied parent: 9366b44d71d5183b688d6c0ff98814cf434514ea

New changelog entries:
  * New upstream release.
  * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks!
  * Disable silent build rules.

9366b44... by Julien Cristau on 2013-08-12

Import patches-unapplied version 1:1.4.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b9dfc5deaf0697c27a2b83d987e428a1c937b453

New changelog entries:
  * New upstream release.
  * Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks!
  * Disable silent build rules.