libxfont backport
Hello,
I've just noticed that the libxfont backport for squeeze is out-of-date:
| libxfont | 1:1.2.2-2.etch1 | etch-security | source
| libxfont | 1:1.2.2-2.etch1 | etch | source
| libxfont | 1:1.3.3-1 | lenny | source
| libxfont | 1:1.3.3-2 | lenny-p-u | source
| libxfont | 1:1.3.3-2 | lenny-security | source
| libxfont | 1:1.4.1-2 | squeeze | source
| libxfont | 1:1.4.1-3 | squeeze-p-u | source
| libxfont | 1:1.4.1-3 | squeeze-security | source
| libxfont | 1:1.4.3-2~bpo60+1 | backports/squeeze | source <<
| libxfont | 1:1.4.4-1 | wheezy | source <<
| libxfont | 1:1.4.4-1 | sid | source
The update from 1:1.4.3-2 to 1:1.4.4-1 contained security fixes, so
probably the libxfont backport should be updated, too. (quoted changelog
for easy reference)
| libxfont (1:1.4.4-1) unstable; urgency=high
|
| [ Julien Cristau ]
| * Drop Pre-Depends on x11-common (only needed for upgrades from the
| monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
|
| [ Cyril Brulebois ]
| * New upstream release:
| - LZW decompress: fix for CVE-2011-2895. From the commit message:
| “Specially crafted LZW stream can crash an application using libXfont
| that is used to open untrusted font files. With X server, this may
| allow privilege escalation when exploited.”
| * Set urgency to “high” accordingly.
| * Update debian/copyright from upstream COPYING.
| * Bump xorg-sgml-doctools build-dep.
| * Drop xorg.css from .install, no longer shipped upstream.
|
| -- Cyril Brulebois <kibi@debian.org> Thu, 11 Aug 2011 11:17:16 +0200
It'd be great if you could upload an updated package to backports. Recompiling
against bpo seems to still work.
greetings,
youam
Reply to: