Sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libxfont (Ubuntu) | Fix Released | Wishlist | Unassigned | |
Bug Description
Please sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: arbitrary code execution via invalid property count
- debian/
src/
- CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
- debian/
in src/bitmap/
- CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
- debian/
src/
- CVE-2015-1804
* SECURITY UPDATE: arbitrary code execution via invalid property count
- debian/
src/
- CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
- debian/
in src/bitmap/
- CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
- debian/
src/
- CVE-2015-1804
Ubuntu delta has been fixed upstream.
Changelog entries since current wily version 1:1.4.99.
libxfont (1:1.5.1-1) unstable; urgency=high
* New upstream release
+ bdfReadProperties: property count needs range check [CVE-2015-1802]
+ bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
+ bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
-- Julien Cristau <email address hidden> Tue, 17 Mar 2015 16:55:21 +0100
Changed in libxfont (Ubuntu):
importance: Undecided → Wishlist
This bug was fixed in the package libxfont - 1:1.5.1-1
Sponsored for Artur Rona (ari-tczew)
---------------
libxfont (1:1.5.1-1) unstable; urgency=high
* New upstream release
+ bdfReadProperties: property count needs range check [CVE-2015-1802]
+ bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
+ bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
-- Julien Cristau <email address hidden> Tue, 17 Mar 2015 16:55:21 +0100