On October 16, 2017 6:56:40 PM GMT+02:00, Adrian Bunk <bunk@debian.org> wrote:
On Tue, Oct 10, 2017 at 09:22:11PM +0200, Moritz Muehlenhoff wrote:
Debian Security Advisory DSA-3995-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722
Two vulnerabilities were found in libXfont, the X11 font rasterisation
library, which could result in denial of service or memory disclosure.
For the oldstable distribution (jessie), these problems have been fixed
in version 1:1.5.1-1+deb8u1.
For the stable distribution (stretch), these problems have been fixed in
version 1:2.0.1-3+deb9u1.
We recommend that you upgrade your libxfont packages.
...
src:libxfont1 in stretch also requires the fixes.
cu
Adrian