[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3995-1] libxfont security update

I don't believe it does. The only relevant piece of software I'm aware of from a security point of view is Xorg, which uses libxfont2 in stretch.


On October 16, 2017 6:56:40 PM GMT+02:00, Adrian Bunk <bunk@debian.org> wrote:
On Tue, Oct 10, 2017 at 09:22:11PM +0200, Moritz Muehlenhoff wrote:

Debian Security Advisory DSA-3995-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq

Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722

Two vulnerabilities were found in libXfont, the X11 font rasterisation
library, which could result in denial of service or memory disclosure.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:1.5.1-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:2.0.1-3+deb9u1.

We recommend that you upgrade your libxfont packages.

src:libxfont1 in stretch also requires the fixes.


Reply to: