Package: libxfont1 Version: 1:1.5.2-4 Severity: normal --- Please enter the report below this line. --- I still use xfs, the X Font Server (from Debian Wheezy), and share my core X fonts between hosts on the local network, meaning some font path entries still use the "tcp/somehost:7100" notation. The original change in debian/rules (affecting the configure flags, commit 42fe1a7e29ee0650a33fc92b54ca95fbe4c19573) apparently aimed to mitigate CVE-2014-0210 <https://security-tracker.debian.org/tracker/CVE-2014-0210> and CVE-2014-0211 <https://security-tracker.debian.org/tracker/CVE-2014-0211>. Both vulnerabilities have been already fixed upstream (see, for example, <https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d338f81df1e188eb16e1d6aeea7f4800f89c1218>). --- System information. --- Architecture: Kernel: Linux 4.9.0-8-amd64 Debian Release: 9.8 500 stable-updates ftp.ru.debian.org 500 stable security.debian.org 500 stable ftp.ru.debian.org --- Package information. --- Depends (Version) | Installed =============================-+-============= libbz2-1.0 | libc6 (>= 2.14) | libfontenc1 | libfreetype6 (>= 2.2.1) | zlib1g (>= 1:1.1.4) | Package's Recommends field is empty. Package's Suggests field is empty.
Attachment:
signature.asc
Description: OpenPGP digital signature