-
libxfont1 (1:1.5.2-4ubuntu1.1) artful-security; urgency=medium
* SECURITY UPDATE: non-privileged arbitrary file access
- debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
src/fontfile/dirfile.c, src/fontfile/fileio.c.
- CVE-2017-16611
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 14:49:56 -0500
-
libxfont1 (1:1.5.2-4ubuntu1) artful; urgency=medium
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 10:05:59 -0400
-
libxfont1 (1:1.5.2-4) unstable; urgency=medium
[ Andreas Boll ]
* Fix a typo in override_dh_strip.
* Remove dh-autoreconf build-dep. Not needed with debhelper 10.
* Remove obsolete Conflicts from pre-wheezy.
* Update a bunch of URLs in packaging to https.
* Remove superfluous --libdir from dh_auto_configure. Not needed with
debhelper compat level >= 9.
-- Timo Aaltonen <email address hidden> Thu, 24 Nov 2016 21:26:43 +0200
