Public bug reported: Please sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: arbitrary code execution via invalid property count
    - debian/patches/CVE-2015-1802.patch: check for integer overflow in
      src/bitmap/bdfread.c.
    - CVE-2015-1802
  * SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
    - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
      in src/bitmap/bdfread.c.
    - CVE-2015-1803
  * SECURITY UPDATE: arbitrary code execution via invalid metrics
    - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
      src/bitmap/bdfread.c.
    - CVE-2015-1804

Ubuntu delta has been fixed upstream.

Changelog entries since current wily version 1:1.4.99.901-1ubuntu1:

libxfont (1:1.5.1-1) unstable; urgency=high

  * New upstream release
    + bdfReadProperties: property count needs range check [CVE-2015-1802]
    + bdfReadCharacters: bailout if a char's bitmap cannot be read
      [CVE-2015-1803]
    + bdfReadCharacters: ensure metrics fit into xCharInfo struct
      [CVE-2015-1804]

 -- Julien Cristau <jcris...@debian.org>  Tue, 17 Mar 2015 16:55:21 +0100

** Affects: libxfont (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: libxfont (Ubuntu)
   Importance: Undecided => Wishlist

--
You received this bug notification because you are a member of Ubuntu-X, which is subscribed to libxfont in Ubuntu.
https://bugs.launchpad.net/bugs/1453989

Title:
  Sync libxfont 1:1.5.1-1 (main) from Debian unstable (main)