libxfont: Changes to 'debian-squeeze'
New branch 'debian-squeeze' available with the following commits:
commit a13fa846ed2c1cfc9cf10a73b6487e244c53bd13
Author: Julien Cristau <jcristau@debian.org>
Date: Thu Aug 11 16:15:56 2011 +0200
Upload to squeeze-security
commit 72f3245295852dd0ca59ec2c4157c96ff14294d3
Author: Thomas Hoger <thoger@redhat.com>
Date: Mon Aug 8 18:03:09 2011 +0200
LZW decompress: fix for CVE-2011-2895
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0)
Reply to: