Ubuntu
libxfont package

Sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)

Bug #1453989 reported by Artur Rona
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libxfont (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: arbitrary code exection via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804
  * SECURITY UPDATE: arbitrary code exection via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

Ubuntu delta has been fixed upstream.

Changelog entries since current wily version 1:1.4.99.901-1ubuntu1:

libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau <email address hidden> Tue, 17 Mar 2015 16:55:21 +0100

CVE References

Artur Rona (ari-tczew)
Changed in libxfont (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Daniel Holbach (dholbach) wrote :

This bug was fixed in the package libxfont - 1:1.5.1-1
Sponsored for Artur Rona (ari-tczew)

---------------
libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau <email address hidden> Tue, 17 Mar 2015 16:55:21 +0100

Changed in libxfont (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.