libXfont: Changes to 'master'
Matthieu Herrb
herrb at kemper.freedesktop.org
Tue Nov 28 14:27:34 UTC 2017
configure.ac | 2 +-
src/fontfile/dirfile.c | 25 ++++++++++++++++++++++---
src/fontfile/fileio.c | 5 ++++-
3 files changed, 27 insertions(+), 5 deletions(-)
New commits:
commit cdb2f990348c3bd1407022f7e0e5fcba552d539f
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Sat Nov 25 12:01:16 2017 +0100
libXfont2 2.0.3
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
commit 7b377456f95d2ec3ead40f4fb74ea620191f88c8
Author: Michal Srb <msrb at suse.com>
Date: Thu Oct 26 09:48:13 2017 +0200
Open files with O_NOFOLLOW. (CVE-2017-16611)
A non-privileged X client can instruct an X server running under root to open any
file by creating its own directory with "fonts.dir", "fonts.alias" or any font file
being a symbolic link to any other file in the system. The X server will then open
it. This can be an issue with special files such as /dev/watchdog.
Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>
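
The effect of the flag named in the commit subject, as an added example that is not the libXfont patch itself: a plain open() follows a "fonts.dir" symlink, while open() with O_NOFOLLOW refuses it. The helper name, the struct and the temporary directory layout are hypothetical, and the ELOOP result is the Linux behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not libXfont code): open read-only, refusing a
 * symbolic link as the final path component. */
int open_nofollow(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

struct result { int followed; int regular_ok; int symlink_errno; };

/* Builds a constructed font directory under /tmp whose "fonts.dir" is a
 * symlink to another file, then compares plain open() with O_NOFOLLOW. */
struct result run_demo(void)
{
    struct result r = {0, 0, 0};
    char dir[] = "/tmp/fontdir-XXXXXX", target[64], lnk[64];
    int fd;

    if (mkdtemp(dir) == NULL) return r;
    snprintf(target, sizeof target, "%s/target.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.dir", dir);
    if ((fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) close(fd);
    if (symlink(target, lnk) != 0) perror("symlink");

    fd = open(lnk, O_RDONLY);            /* plain open follows the link */
    r.followed = fd >= 0;
    if (fd >= 0) close(fd);
    fd = open_nofollow(target);          /* regular file still opens */
    r.regular_ok = fd >= 0;
    if (fd >= 0) close(fd);
    fd = open_nofollow(lnk);             /* symlink is rejected */
    r.symlink_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return r;
}

int main(void)
{
    struct result r = run_demo();
    printf("followed=%d regular_ok=%d symlink_errno=%d (ELOOP=%d)\n",
           r.followed, r.regular_ok, r.symlink_errno, ELOOP);
    return 0;
}
```

O_NOFOLLOW checks only the final path component; symbolic links in earlier directory components are still resolved.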