UbuntuUpdates.org

Package "libxfont-dev"

Name: libxfont-dev

Description:

X11 font rasterisation library (development headers)

Latest version: 1:1.4.4-1ubuntu0.3
Release: precise (12.04)
Level: updates
Repository: main
Head package: libxfont

Other versions of "libxfont-dev" in Precise

Repository Area Version
base main 1:1.4.4-1
security main 1:1.4.4-1ubuntu0.3

Changelog

Version: 1:1.4.4-1ubuntu0.3 2015-03-18 16:07:31 UTC

  libxfont (1:1.4.4-1ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
 -- Marc Deslauriers <email address hidden> Wed, 18 Mar 2015 07:33:04 -0400

CVE-2015-1802 bdfReadProperties: property count needs range check
CVE-2015-1803 bdfReadCharacters: bailout if a char's bitmap cannot be read
CVE-2015-1804 bdfReadCharacters: ensure metrics fit into xCharInfo struct

Version: 1:1.4.4-1ubuntu0.2 2014-05-14 16:07:02 UTC

  libxfont (1:1.4.4-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    font metadata file parsing
    - debian/patches/CVE-2014-0209.patch: check for overflows in
      src/fontfile/dirfile.c, src/fontfile/fontdir.c.
    - CVE-2014-0209
  * SECURITY UPDATE: denial of service and possible code execution via
    xfs font server replies
    - debian/patches/CVE-2014-021x.patch: check lengths and sizes in
      src/fc/fsconvert.c, src/fc/fserve.c.
    - CVE-2014-0210
    - CVE-2014-0211
 -- Marc Deslauriers <email address hidden> Tue, 13 May 2014 12:30:10 -0400

CVE-2014-0209 integer overflow of allocations in font metadata file parsing
CVE-2014-0210 unvalidated length fields when parsing xfs protocol replies
CVE-2014-0211 integer overflows calculating memory needs for xfs replies

Version: 1:1.4.4-1ubuntu0.1 2014-01-07 20:06:44 UTC

  libxfont (1:1.4.4-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462
 -- Marc Deslauriers <email address hidden> Mon, 30 Dec 2013 17:37:41 -0500



