-
libxfont1 (1:1.5.2-4ubuntu0.2) zesty-security; urgency=medium
* SECURITY UPDATE: non-privileged arbitrary file access
- debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
src/fontfile/dirfile.c, src/fontfile/fileio.c.
- CVE-2017-16611
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 14:48:54 -0500
-
libxfont1 (1:1.5.2-4ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 11:46:56 -0400
-
libxfont1 (1:1.5.2-4) unstable; urgency=medium
[ Andreas Boll ]
* Fix a typo in override_dh_strip.
* Remove dh-autoreconf build-dep. Not needed with debhelper 10.
* Remove obsolete Conflicts from pre-wheezy.
* Update a bunch of URLs in packaging to https.
* Remove superfluous --libdir from dh_auto_configure. Not needed with
debhelper compat level >= 9.
-- Timo Aaltonen <email address hidden> Thu, 24 Nov 2016 21:26:43 +0200
-
libxfont1 (1:1.5.2-3) unstable; urgency=medium
* Drop libxfont1-udeb.
* Switch to -dbgsym.
* Bump debhelper compat to 10. Drop --with quilt and --parallel flags,
they are enabled by default now.
-- Timo Aaltonen <email address hidden> Thu, 24 Nov 2016 00:16:53 +0200
-
libxfont1 (1:1.5.2-2) unstable; urgency=medium
* Rename source to libxfont1.
* Rename dev package to libxfont1-dev.
* control: Move to oldlibs.
* control: Add myself to uploaders.
-- Timo Aaltonen <email address hidden> Thu, 17 Nov 2016 13:19:18 +0200
