[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3995-1] libxfont security update

I don't believe it does. The only relevant piece of software I'm aware of from a security point of view is Xorg, which uses libxfont2 in stretch.

Julien

On October 16, 2017 6:56:40 PM GMT+02:00, Adrian Bunk <bunk@debian.org> wrote:
On Tue, Oct 10, 2017 at 09:22:11PM +0200, Moritz Muehlenhoff wrote:

 Debian Security Advisory DSA-3995-1                   security@debian.org
 https://www.debian.org/security/                       Moritz Muehlenhoff
 October 10, 2017                      https://www.debian.org/security/faq

 
 Package        : libxfont
 CVE ID         : CVE-2017-13720 CVE-2017-13722
 
 Two vulnerabilities were found in libXfont, the X11 font rasterisation
 library, which could result in denial of service or memory disclosure.
 
 For the oldstable distribution (jessie), these problems have been fixed
 in version 1:1.5.1-1+deb8u1.
 
 For the stable distribution (stretch), these problems have been fixed in
 version 1:2.0.1-3+deb9u1.
 
 We recommend that you upgrade your libxfont packages.
...

src:libxfont1 in stretch also requires the fixes.

cu
Adrian
Reply to: