libXfont: Changes to 'libXfont-1.5-branch'
Matt Turner
mattst88 at kemper.freedesktop.org
Thu Oct 19 20:50:00 UTC 2017
configure.ac | 2 +-
src/bitmap/pcfread.c | 13 +++++++++++--
src/fontfile/fontdir.c | 4 +++-
3 files changed, 15 insertions(+), 4 deletions(-)
New commits:
commit f581c2346d025d5b15926db9e58f254173fb58dc
Author: Matt Turner <mattst88 at gmail.com>
Date: Thu Oct 19 13:45:58 2017 -0700
libXfont 1.5.3
Signed-off-by: Matt Turner <mattst88 at gmail.com>
commit 3b08934dca75e4c559db7d83797bc3d365c2a50a
Author: Michal Srb <msrb at suse.com>
Date: Thu Jul 20 17:05:23 2017 +0200
pcfGetProperties: Check string boundaries (CVE-2017-13722)
Without the checks a malformed PCF file can cause the library to make
atom from random heap memory that was behind the `strings` buffer.
This may crash the process or leak information.
Signed-off-by: Julien Cristau <jcristau at debian.org>
(cherry picked from commit 672bb944311392e2415b39c0d63b1e1902905bcd)
commit a2a5fa591762b430037e33f1df55b460550ab406
Author: Michal Srb <msrb at suse.com>
Date: Thu Jul 20 13:38:53 2017 +0200
Check for end of string in PatternMatch (CVE-2017-13720)
If a pattern contains '?' character, any character in the string is skipped,
even if it is '\0'. The rest of the matching then reads invalid memory.
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Julien Cristau <jcristau at debian.org>
(cherry picked from commit d1e670a4a8704b8708e493ab6155589bcd570608)
More information about the xorg-commit
mailing list