[Bug 1273341] Re: Sync libxfont 1:1.4.7-1 (main) from Debian unstable (main)
Timo Aaltonen
tjaalton at ubuntu.com
Mon Feb 3 09:33:39 UTC 2014
this got synced already
** Changed in: libxfont (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1273341
Title:
Sync libxfont 1:1.4.7-1 (main) from Debian unstable (main)
Status in “libxfont” package in Ubuntu:
Fix Released
Bug description:
Please sync libxfont 1:1.4.7-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflow
    - debian/patches/CVE-2013-6462.patch: limit sscanf field in
      src/bitmap/bdfread.c.
    - CVE-2013-6462
This security fix is in the new upstream release in Debian.

Changelog entries since current trusty version 1:1.4.6-1ubuntu1:

libxfont (1:1.4.7-1) unstable; urgency=high

  * New upstream release
    + CVE-2013-6462: unlimited sscanf overflows stack buffer in
      bdfReadCharacters()
  * Don't put dbg symbols from the udeb in the dbg package.
  * dev package is no longer Multi-Arch: same (closes: #720026).
  * Disable support for connecting to a font server. That code is horrible and
    full of holes.

 -- Julien Cristau <jcristau at debian.org> Tue, 07 Jan 2014 17:51:29 +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxfont/+bug/1273341/+subscriptions
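
The "limit sscanf field" fix named in the changelog, as an added example that is not part of the original message and not libXfont's own code: a width-limited parse of a BDF STARTCHAR line that also reports when a name was cut off. The 100-byte buffer, the function names and the return codes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 100   /* assumed size of the destination buffer */

/* Hardened parse of a BDF "STARTCHAR <name>" line.
 * Returns 0 on success, -1 if the line has no name, -2 if the name
 * did not fit and was cut off by the field width. */
int parse_startchar(const char *line, char name[NAME_BUF])
{
    int consumed = 0;

    /* Unbounded form (the bug class): sscanf(line, "STARTCHAR %s", name)
     * keeps copying until whitespace, however long the token is.
     * "%99s" stores at most 99 bytes plus the NUL; %n records where
     * scanning stopped so truncation can be detected. */
    if (sscanf(line, "STARTCHAR %99s%n", name, &consumed) != 1)
        return -1;

    /* A bounded scan that stopped mid-token means the name was too long. */
    if (line[consumed] != '\0' && strchr(" \t\r\n", line[consumed]) == NULL)
        return -2;
    return 0;
}

/* Constructed input: a STARTCHAR line whose name is name_len bytes of 'A'. */
int parse_generated(size_t name_len, char name[NAME_BUF])
{
    char line[1024];
    if (name_len > sizeof line - 12)
        return -3;
    memcpy(line, "STARTCHAR ", 10);
    memset(line + 10, 'A', name_len);
    line[10 + name_len] = '\n';
    line[11 + name_len] = '\0';
    return parse_startchar(line, name);
}

int main(void)
{
    char name[NAME_BUF];
    printf("short: %d\n", parse_startchar("STARTCHAR space\n", name));
    printf("99:    %d\n", parse_generated(99, name));
    printf("300:   %d\n", parse_generated(300, name));
    return 0;
}
```

Rejecting the truncated name, rather than silently accepting the first 99 bytes, keeps a malformed font file from being loaded with a glyph name the author never wrote.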