On Tue, Oct 10, 2017 at 09:22:11PM +0200, Moritz Muehlenhoff wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3995-1 secur...@debian.org
> https://www.debian.org/security/ Moritz Muehlenhoff
> October 10, 2017 https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : libxfont
> CVE ID : CVE-2017-13720 CVE-2017-13722
>
> Two vulnerabilities were found in libXfont, the X11 font rasterisation
> library, which could result in denial of service or memory disclosure.
>
> For the oldstable distribution (jessie), these problems have been fixed
> in version 1:1.5.1-1+deb8u1.
>
> For the stable distribution (stretch), these problems have been fixed in
> version 1:2.0.1-3+deb9u1.
>
> We recommend that you upgrade your libxfont packages.
>...
src:libxfont1 in stretch also requires the fixes.
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
