[ubuntu/vivid-proposed] libxfont 1:1.4.99.901-1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 18 12:15:16 UTC 2015


libxfont (1:1.4.99.901-1ubuntu1) vivid; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

Date: Wed, 18 Mar 2015 07:26:08 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxfont/1:1.4.99.901-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 18 Mar 2015 07:26:08 -0400
Source: libxfont
Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev
Architecture: source
Version: 1:1.4.99.901-1ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libxfont-dev - X11 font rasterisation library (development headers)
 libxfont1  - X11 font rasterisation library
 libxfont1-dbg - X11 font rasterisation library (debug package)
 libxfont1-udeb - X11 font rasterisation library (udeb)
Changes:
 libxfont (1:1.4.99.901-1ubuntu1) vivid; urgency=medium
 .
   * SECURITY UPDATE: arbitrary code exection via invalid property count
     - debian/patches/CVE-2015-1802.patch: check for integer overflow in
       src/bitmap/bdfread.c.
     - CVE-2015-1802
   * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
     - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
       in src/bitmap/bdfread.c.
     - CVE-2015-1803
   * SECURITY UPDATE: arbitrary code execution via invalid metrics
     - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
       src/bitmap/bdfread.c.
     - CVE-2015-1804
Checksums-Sha1:
 e1a569767d98f004cd33c80edae1a90ee7ae13cf 2370 libxfont_1.4.99.901-1ubuntu1.dsc
 abf0fe8b932c9aa02037468d2ddefb5606749942 14892 libxfont_1.4.99.901-1ubuntu1.diff.gz
Checksums-Sha256:
 ea7b07822e6d71e88f2d9a194f17ed16127965b227130f3d99b2a583c4e018b5 2370 libxfont_1.4.99.901-1ubuntu1.dsc
 5d2d902edfcd624d4a7892babe3de46978bf81940f79e5b5fa38c3763b837227 14892 libxfont_1.4.99.901-1ubuntu1.diff.gz
Files:
 c52199983412bc5d8610e5630064c31e 2370 x11 optional libxfont_1.4.99.901-1ubuntu1.dsc
 945a1d657cf7382493121c759566e560 14892 x11 optional libxfont_1.4.99.901-1ubuntu1.diff.gz
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

