Package "libxfont1-dbg"
Name: libxfont1-dbg
Description: X11 font rasterisation library (debug package)
Latest version: 1:1.4.7-1ubuntu0.4
Release: trusty (14.04)
Level: updates
Repository: main
Head package: libxfont
Changelog
libxfont (1:1.4.7-1ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: non-privileged arbitrary file access
- debian/patches/CVE-2017-16611-pre.patch: set close-on-exec for font
file I/O in src/fontfile/fileio.c, src/fontfile/filewr.c.
- debian/patches/CVE-2017-16611.patch: open files with O_NOFOLLOW in
src/fontfile/dirfile.c, src/fontfile/fileio.c.
- CVE-2017-16611
-- Marc Deslauriers <email address hidden> Wed, 29 Nov 2017 09:48:10 -0500

libxfont (1:1.4.7-1ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: invalid memory read in PatternMatch
- debian/patches/CVE-2017-13720.patch: check for end of string in
src/fontfile/fontdir.c.
- CVE-2017-13720
* SECURITY UPDATE: DoS or info leak via malformed PCF file
- debian/patches/CVE-2017-13722.patch: check string boundaries in
src/bitmap/pcfread.c.
- CVE-2017-13722
-- Marc Deslauriers <email address hidden> Fri, 06 Oct 2017 11:45:05 -0400

libxfont (1:1.4.7-1ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via invalid property count
- debian/patches/CVE-2015-1802.patch: check for integer overflow in
src/bitmap/bdfread.c.
- CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
- debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
in src/bitmap/bdfread.c.
- CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
- debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
src/bitmap/bdfread.c.
- CVE-2015-1804
* Backport some commits from git to solve ftbfs with newer fontsproto:
- debian/patches/ftbfs-new-fontsproto.patch
- debian/patches/ftbfs-new-fontsproto-2.patch
-- Marc Deslauriers <email address hidden> Wed, 18 Mar 2015 07:32:09 -0400

CVE-2015-1802: bdfReadProperties: property count needs range check
CVE-2015-1803: bdfReadCharacters: bailout if a char's bitmap cannot be read
CVE-2015-1804: bdfReadCharacters: ensure metrics fit into xCharInfo struct

libxfont (1:1.4.7-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
font metadata file parsing
- debian/patches/CVE-2014-0209.patch: check for overflows in
src/fontfile/dirfile.c, src/fontfile/fontdir.c.
- CVE-2014-0209
* SECURITY UPDATE: denial of service and possible code execution via
xfs font server replies
- debian/patches/CVE-2014-021x.patch: check lengths and sizes in
src/fc/fsconvert.c, src/fc/fserve.c.
- CVE-2014-0210
- CVE-2014-0211
-- Marc Deslauriers <email address hidden> Tue, 13 May 2014 11:57:20 -0400

CVE-2014-0209: integer overflow of allocations in font metadata file parsing
CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
CVE-2014-0211: integer overflows calculating memory needs for xfs replies