Dear Security team,

a security patch has been applied to libxfont in unstable (libxfont 1:1.2.0-2). The bug relates to broken pcf font files and is referenced in CVE-2006-3467.

xfree86 in sarge is also affected, so the patch will want to be applied there too I think. The patch is named 10_pcf_font.patch and found at http://necrotic.deadbeast.net/svn/xorg-x11/tags/lib/libxfont/1:1.2.0-2/debian/patches/. The equivalent location in xfree86 is in xc/lib/font/.

It may possibly be appropriate to consider applying 10_freetype_buffer_overflow.patch as well.

References:

Debian Bug#383353
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383353;repeatmerged=no

X.org bug 7535 (CVE-2006-3467)
https://bugs.freedesktop.org/show_bug.cgi?id=7535

X.org bug 7397 ("non-exploitable")
https://bugs.freedesktop.org/show_bug.cgi?id=7397

Thanks,
Drew Parsons