-
626f0e7...
by
Marc Deslauriers
on 2017-11-29
-
Import patches-unapplied version 1:1.4.7-1ubuntu0.4 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: c051ae1b611e37df8dfa79172d3bd02e4c29f4d9
New changelog entries:
* SECURITY UPDATE: non-privileged arbitrary file access
- debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font
file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c.
- debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
src/fontfile/dirfile.c, src/fontfile/fileio.c.
- CVE-2017-16611
-
c051ae1...
by
Marc Deslauriers
on 2017-10-06
-
Import patches-unapplied version 1:1.4.7-1ubuntu0.3 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 043be31101122c51f375ece24f86548537d56740
New changelog entries:
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-
043be31...
by
Marc Deslauriers
on 2015-03-18
-
Import patches-unapplied version 1:1.4.7-1ubuntu0.2 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: da3172040fa3a1937f3478251b12197421788679
New changelog entries:
* SECURITY UPDATE: arbitrary code exection via invalid property count
- debian/patches/CVE-2015-1802.patch: check for integer overflow in
src/bitmap/bdfread.c.
- CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
- debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
in src/bitmap/bdfread.c.
- CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
- debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
src/bitmap/bdfread.c.
- CVE-2015-1804
* Backport some commits from git to solve ftbfs with newer fontsproto:
- debian/patches/ftbfs-new-fontsproto.patch
- debian/patches/ftbfs-new-fontsproto-2.patch
-
da31720...
by
Marc Deslauriers
on 2014-05-13
-
Import patches-unapplied version 1:1.4.7-1ubuntu0.1 to ubuntu/trusty-security
Imported using git-ubuntu import.
Changelog parent: 05c9f70de42c9f3635447a43560b9e4d754b8221
New changelog entries:
* SECURITY UPDATE: denial of service and possible code execution via
font metadata file parsing
- debian/patches/CVE-2014-0209.patch: check for overflows in
src/fontfile/dirfile.c, src/fontfile/fontdir.c.
- CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
xfs font server replies
- debian/patches/CVE-2014-021x.patch: check lengths and sizes in
src/fc/fsconvert.c, src/fc/fserve.c.
- CVE-2014-0210
- CVE-2014-0211
-
05c9f70...
by
Julien Cristau
on 2014-01-07
-
Import patches-unapplied version 1:1.4.7-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 9366b44d71d5183b688d6c0ff98814cf434514ea
New changelog entries:
* New upstream release
+ CVE-2013-6462: unlimited sscanf overflows stack buffer in
bdfReadCharacters()
* Don't put dbg symbols from the udeb in the dbg package.
* dev package is no longer Multi-Arch: same (closes: #720026).
* Disable support for connecting to a font server. That code is horrible and
full of holes.
-
9366b44...
by
Julien Cristau
on 2013-08-12
-
Import patches-unapplied version 1:1.4.6-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: b9dfc5deaf0697c27a2b83d987e428a1c937b453
New changelog entries:
* New upstream release.
* Build for multiarch (closes: #654252). Patch by Riku Voipio, thanks!
* Disable silent build rules.
-
b9dfc5d...
by
Cyril Brulebois
on 2012-05-03
-
Import patches-unapplied version 1:1.4.5-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: a93378db5878d94bb66100aecf5533e90b293a33
New changelog entries:
* Ease sync for Ubuntu: strip -Bsymbolic-functions from LDFLAGS
(LP: #992745).
-
a93378d...
by
Cyril Brulebois
on 2012-03-04
-
Import patches-unapplied version 1:1.4.5-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 9b53e894a8f4e75306533d59d6bec6319d372f4f
New changelog entries:
[ Cyril Brulebois ]
* New upstream release.
* Switch to dh:
- Bump debhelper build-dep and compat.
- Rewrite debian/rules, using autoreconf and quilt sequences.
- Adjust build dependencies accordingly.
- Use build-main and build-udeb as build directories.
- Adjust .install accordingly.
* Remove xsfbs accordingly.
* Add support for hardened build flags through dpkg-buildflags, based
on a patch by Moritz Muehlenhoff, thanks! (Closes: #654154).
[ Julien Cristau ]
* Remove David Nusinow from Uploaders.
-
9b53e89...
by
Cyril Brulebois
on 2011-08-11
-
Import patches-unapplied version 1:1.4.4-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: ac010e6bd79f641aa360142589eb3c53a6825be9
New changelog entries:
[ Julien Cristau ]
* Drop Pre-Depends on x11-common (only needed for upgrades from the
monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
[ Cyril Brulebois ]
* New upstream release:
- LZW decompress: fix for CVE-2011-2895. From the commit message:
“Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited.”
* Set urgency to “high” accordingly.
* Update debian/copyright from upstream COPYING.
* Bump xorg-sgml-doctools build-dep.
* Drop xorg.css from .install, no longer shipped upstream.
-
ac010e6...
by
Cyril Brulebois
on 2011-02-05
-
Import patches-unapplied version 1:1.4.3-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: d21de72de58121fb125a598fac84d5693ccaf2b3
New changelog entries:
* Upload to unstable.
