
security fix in X11 (libxfont - xfree86)



Dear Security team,

a security patch has been applied to libxfont in unstable (libxfont
1:1.2.0-2). The bug relates to broken pcf font files and is referenced
in CVE-2006-3467.

xfree86 in sarge is also affected, so the patch will want to be applied
there too I think. The patch is named 10_pcf_font.patch and found at
http://necrotic.deadbeast.net/svn/xorg-x11/tags/lib/libxfont/1:1.2.0-2/debian/patches/.

The equivalent location in xfree86 is in xc/lib/font/.

It may possibly be appropriate to consider applying
10_freetype_buffer_overflow.patch as well.


References:

Debian Bug#383353
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383353;repeatmerged=no

X.org bug 7535 (CVE-2006-3467)
https://bugs.freedesktop.org/show_bug.cgi?id=7535

X.org bug 7397 ("non-exploitable")
https://bugs.freedesktop.org/show_bug.cgi?id=7397


Thanks,
Drew Parsons
