[ANNOUNCE] libXfont 1.4.9

Alan Coopersmith alan.coopersmith at oracle.com
Tue Mar 17 08:50:38 PDT 2015


This release of libXfont provides the fixes for today's security advisory
about BDF font parsing bugs.  Like libXfont 1.4.8, it requires fontsproto
2.1.2 or earlier and will not build cleanly with newer versions.

Alan Coopersmith (4):
      bdfReadProperties: property count needs range check [CVE-2015-1802]
      bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803]
      bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804]
      libXfont 1.4.9

Christos Zoulas (1):
      Set close-on-exec for font file I/O.

git tag: libXfont-1.4.9

http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.9.tar.bz2
MD5:  5baa3225a49eeda8e5a476b85704cfd4
SHA1: 3a284783bac87c036b6d09e26d033d2a039219af
SHA256: 6c6b061a3aa44f0ac95785f9579f6427080c60ae6948b49bcc8d44f63942ad89
PGP:  http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.9.tar.bz2.sig

http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.9.tar.gz
MD5:  babdeab70cee48c31c2b02135bb04e91
SHA1: 36ba1d79128bc786425b513dc19478c78060b946
SHA256: 2c7d4691ce430136f04ff64e786ebbaeae4cdc6a5dac468bde4e2e0d40bd9ebe
PGP:  http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.9.tar.gz.sig

-- 
	-Alan Coopersmith-              alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc