UbuntuUpdates.org

Package "libxfont"

Name: libxfont

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • X11 font rasterisation library (development headers)
  • X11 font rasterisation library
  • X11 font rasterisation library (debug package)

Latest version: 1:1.4.4-1ubuntu0.3
Release: precise (12.04)
Level: security
Repository: main


Other versions of "libxfont" in Precise

Repository Area Version
base main 1:1.4.4-1
updates main 1:1.4.4-1ubuntu0.3


Changelog

Version: 1:1.4.4-1ubuntu0.3 2015-03-18 16:07:26 UTC

  libxfont (1:1.4.4-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
 -- Marc Deslauriers <email address hidden> Wed, 18 Mar 2015 07:33:04 -0400

Source diff to previous version
CVE-2015-1802 bdfReadProperties: property count needs range check
CVE-2015-1803 bdfReadCharacters: bailout if a char's bitmap cannot be read
CVE-2015-1804 bdfReadCharacters: ensure metrics fit into xCharInfo struct

Version: 1:1.4.4-1ubuntu0.2 2014-05-14 15:07:14 UTC

  libxfont (1:1.4.4-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211
 -- Marc Deslauriers <email address hidden> Tue, 13 May 2014 12:30:10 -0400

Source diff to previous version
CVE-2014-0209 integer overflow of allocations in font metadata file parsing
CVE-2014-0210 unvalidated length fields when parsing xfs protocol replies
CVE-2014-0211 integer overflows calculating memory needs for xfs replies

Version: 1:1.4.4-1ubuntu0.1 2014-01-07 19:07:18 UTC

  libxfont (1:1.4.4-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462
 -- Marc Deslauriers <email address hidden> Mon, 30 Dec 2013 17:37:41 -0500
