Bug#734428: marked as done (xserver-xorg-core (1.15.0-1) can not be installed because of unmet dependencies)
Your message dated Tue, 7 Jan 2014 11:21:10 +0100 with message-id 20140107102110.gb8...@mraw.org and subject line Re: Bug#734428: xserver-xorg-core (1.15.0-1) can not be installed because of unmet dependencies has caused the Debian Bug report #734428, regarding xserver-xorg-core (1.15.0-1) can not be installed because of unmet dependencies to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 734428: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734428 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xserver-xorg-core Version: 2:1.15.0-1 (experimental) Severity: important xserver-xorg-core (1.15.0-1) can't be installed because of unmet dependencies: apt-get install xserver-xorg-core/experimental xserver-xorg-input-evdev xserver-xorg-video-radeon Reading package lists... Done Building dependency tree Reading state information... Done xserver-xorg-input-evdev is already the newest version. xserver-xorg-video-radeon is already the newest version. Selected version '2:1.15.0-1' (Debian:experimental [amd64]) for 'xserver-xorg-core' Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: xserver-xorg-input-evdev : Depends: xorg-input-abi-19 xserver-xorg-video-radeon : Depends: xorg-video-abi-14 E: Unable to correct problems, you have held broken packages. --- System Information: Debian Release: jessie/sid + experimental Architecture: amd64 (x86_64) Kernel: linux-image-3.13-rc6-amd64 ---End Message--- ---BeginMessage--- Jos van Wolput wol...@openmailbox.org (2014-01-07): xserver-xorg-core (1.15.0-1) can't be installed because of unmet dependencies: apt-get install xserver-xorg-core/experimental xserver-xorg-input-evdev xserver-xorg-video-radeon Reading package lists... Done Building dependency tree Reading state information... Done xserver-xorg-input-evdev is already the newest version. xserver-xorg-video-radeon is already the newest version. Selected version '2:1.15.0-1' (Debian:experimental [amd64]) for 'xserver-xorg-core' Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: xserver-xorg-input-evdev : Depends: xorg-input-abi-19 xserver-xorg-video-radeon : Depends: xorg-video-abi-14 E: Unable to correct problems, you have held broken packages. Not a bug. Mraw, KiBi. signature.asc Description: Digital signature ---End Message---
xserver-xorg-video-savage: Changes to 'ubuntu'
ChangeLog | 94 configure.ac|2 - debian/changelog| 16 +++- src/savage_driver.c |9 +++- src/savage_driver.h |4 +- src/savage_exa.c|2 - src/savage_video.c |8 ++-- 7 files changed, 122 insertions(+), 13 deletions(-) New commits: commit 6fdcef4a62b6693c571cdfd4b76e3a45fe320d50 Author: Maarten Lankhorst maarten.lankho...@canonical.com Date: Thu Sep 26 15:44:20 2013 +0200 Actually upload with correct contents. (closes: #724675) diff --git a/debian/changelog b/debian/changelog index 06f27ab..51a28d9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xserver-xorg-video-savage (1:2.3.7-2) unstable; urgency=low + + * Actually upload with correct contents. (closes: #724675) + + -- Maarten Lankhorst maarten.lankho...@ubuntu.com Thu, 26 Sep 2013 15:43:11 +0200 + xserver-xorg-video-savage (1:2.3.7-1) unstable; urgency=low * New upstream release that actually works. commit eece3c79c6ce3c6103cb4aa3d2bae303bfe2bbc6 Author: Maarten Lankhorst maarten.lankho...@canonical.com Date: Wed Sep 25 17:10:53 2013 +0200 release to unstable diff --git a/debian/changelog b/debian/changelog index 6c3e47f..06f27ab 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ -xserver-xorg-video-savage (1:2.3.7-1) UNRELEASED; urgency=low +xserver-xorg-video-savage (1:2.3.7-1) unstable; urgency=low * New upstream release that actually works. - -- Maarten Lankhorst maarten.lankho...@ubuntu.com Wed, 25 Sep 2013 17:10:15 +0200 + -- Maarten Lankhorst maarten.lankho...@ubuntu.com Wed, 25 Sep 2013 17:10:41 +0200 xserver-xorg-video-savage (1:2.3.6-1) unstable; urgency=low commit 5cd6e8dfd5f3901df2620aa328948bdfd3a6bb09 Author: Maarten Lankhorst maarten.lankho...@canonical.com Date: Wed Sep 25 17:10:38 2013 +0200 bump changelogs diff --git a/ChangeLog b/ChangeLog index ac40aff..b70bce3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,97 @@ +commit d27abbf74fee30ddb9a3ca0d597ca0ce16a1bc35 +Author: Tormod Volden debian.tor...@gmail.com +Date: Tue Sep 24 23:14:35 2013 +0200 + +xf86-video-savage: bump to version 2.3.7 + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit 966a0e95d6c420e5e0ab01e665144e66a4004846 +Author: Alexander Grothe alexander.gro...@gmail.com +Date: Sun Sep 15 11:00:41 2013 +0200 + +Drop miInitializeBackingStore() call + +It was only needed up to xserver 1.4 and is not supported in the +recent xserver versions. + +Thanks to Alexander Grothe for reporting the issue and providing +the fix. + +https://bugs.freedesktop.org/show_bug.cgi?id=65444 + + commit 1cb0261ef54b7dd6a7ef84e1c3959e424706228b + Author: Daniel Martin consume.no...@gmail.com + Date: Thu Sep 6 00:38:26 2012 +0200 + +dix: Delete mibstore.h + +Since Nov 2010 (commit c4c4676) the only purpose of mibstore.h was to +define an empty function (miInitializeBackingStore()) for backward +compatibility. Time to say goodbye. + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit 44581aef5f878e7f2b34d5693d50ef75263b195c +Author: Tormod Volden debian.tor...@gmail.com +Date: Wed Feb 6 22:14:59 2013 +0100 + +Fix video window height on MX/IX/SuperSavage + +Some copy-pasto caused the width to be written into the height register. + +Thanks to Hans-Jürgen Mauser for pointing out a couple of more places this +was wrong. + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit 3425ddb4c5dd7bbd91068c7ba0b1c001719795a5 +Author: Tormod Volden debian.tor...@gmail.com +Date: Thu May 9 12:39:58 2013 + + +Fix building with TRACEON defined + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit ac460e6836bdd2cd16c9d29743376c16fdc6924e +Author: Tormod Volden debian.tor...@gmail.com +Date: Tue May 7 22:41:31 2013 +0200 + +exa: Use exaGetPixmapFirstPixel() instead of devPrivate.ptr + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit c30f9b4a61283f21f6bd230950f52961afa203cf +Author: Tormod Volden debian.tor...@gmail.com +Date: Thu May 9 12:36:33 2013 + + +Really fix default accel arch when built with no XAA + +After ca9718a887ecbc59b76869af673791ab591b849b it would +still default to XAA unless AccelMethod option was used. + +Make sure the default is EXA if there is no XAA support. + +Signed-off-by: Tormod Volden debian.tor...@gmail.com + +commit ca9718a887ecbc59b76869af673791ab591b849b +Author: Dave Airlie airl...@gmail.com +Date: Sat Dec 22 20:00:00 2012 +1000 + +savage: fix default accel arch when built with no XAA + +Signed-off-by: Dave Airlie airl...@redhat.com + +commit 3d181030a6ba2205a57ef4665e53aed0251ccaa6 +Author: Dave Airlie airl...@gmail.com +Date: Wed Jul 18 18:52:38 2012 +1000 + +savage: move compat-api.h
Bug#720026: marked as done (libxfont-dev: arch-dependent file in Multi-Arch: same package)
Your message dated Tue, 07 Jan 2014 17:18:54 + with message-id e1w0aio-pn...@franck.debian.org and subject line Bug#720026: fixed in libxfont 1:1.4.7-1 has caused the Debian Bug report #720026, regarding libxfont-dev: arch-dependent file in Multi-Arch: same package to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 720026: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720026 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libxfont-dev Version: 1:1.4.6-1 Severity: important User: multiarch-de...@lists.alioth.debian.org Usertags: multiarch libxfont-dev is marked as Multi-Arch: same, but the following file is architecture-dependent: /usr/share/doc/libxfont-dev/fontlib.html An example diff between i386 and amd64 is attached. Cheers, Andreasdiff -ur libxfont-dev_1.4.6-1_i386/usr/share/doc/libxfont-dev/fontlib.html libxfont-dev_1.4.6-1_amd64/usr/share/doc/libxfont-dev/fontlib.html --- libxfont-dev_1.4.6-1_i386/usr/share/doc/libxfont-dev/fontlib.html 2013-08-12 18:40:47.0 +0200 +++ libxfont-dev_1.4.6-1_amd64/usr/share/doc/libxfont-dev/fontlib.html 2013-08-12 18:30:24.0 +0200 @@ -292,7 +292,7 @@ } /style/headbodydiv class=articlediv class=titlepagedivdivh2 class=titlea id=fontlib/a The X Font Library - /h2/divdivdiv class=authorgroupdiv class=authorh3 class=authorspan class=firstnameKeith/span span class=surnamePackard/span/h3div class=affiliationspan class=orgnameMIT X Consortiumbr //span/div/divdiv class=authorh3 class=authorspan class=firstnameDavid/span span class=surnameLemke/span/h3div class=affiliationspan class=orgnameNetwork Computing Devicesbr //span/div/div/div/divdivp class=releaseinfoX Version 11, Release 7.6/p/divdivp class=copyrightCopyright © 1993 Network Computing Devices/p/divdivdiv class=legalnoticea id=idp43674508/ap + /h2/divdivdiv class=authorgroupdiv class=authorh3 class=authorspan class=firstnameKeith/span span class=surnamePackard/span/h3div class=affiliationspan class=orgnameMIT X Consortiumbr //span/div/divdiv class=authorh3 class=authorspan class=firstnameDavid/span span class=surnameLemke/span/h3div class=affiliationspan class=orgnameNetwork Computing Devicesbr //span/div/div/div/divdivp class=releaseinfoX Version 11, Release 7.6/p/divdivp class=copyrightCopyright © 1993 Network Computing Devices/p/divdivdiv class=legalnoticea id=idp52162720/ap Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright ---End Message--- ---BeginMessage--- Source: libxfont Source-Version: 1:1.4.7-1 We believe that the bug you reported is fixed in the latest version of libxfont, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 720...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Cristau jcris...@debian.org (supplier of updated libxfont package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 07 Jan 2014 17:51:29 +0100 Source: libxfont Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev Architecture: source amd64 Version: 1:1.4.7-1 Distribution: sid Urgency: high Maintainer: Debian X Strike Force debian-x@lists.debian.org Changed-By: Julien Cristau jcris...@debian.org Description: libxfont-dev - X11 font rasterisation library (development headers) libxfont1 - X11 font rasterisation library libxfont1-dbg - X11 font rasterisation library (debug package) libxfont1-udeb - X11 font rasterisation library (udeb) Closes: 720026 Changes: libxfont (1:1.4.7-1) unstable; urgency=high . * New upstream release + CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() * Don't put dbg symbols from the udeb in the dbg package. * dev package is no longer Multi-Arch: same (closes: #720026). * Disable support for connecting to a font server. That code is horrible and full of holes. Checksums-Sha1: 8dac4f5a5365ceb43f04c03dc1d86af8c5c51655 2241 libxfont_1.4.7-1.dsc e81a9bb1287e09405293db65677f1b9ce5a64fcc 619372
libxfont: Changes to 'refs/tags/libxfont-1_1.4.7-1'
Tag 'libxfont-1_1.4.7-1' created by Julien Cristau jcris...@debian.org at 2014-01-07 17:05 + Tagging upload of libxfont 1:1.4.7-1 to unstable. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJSzDPEAAoJEDEBgAUJBeQM+uAQAOEfLDls/uuXB8KuSWbLhmE1 M+cstTPbWIqwmZJ8hv7Q5/DWaYsOapGWL08Qno28E3EEqqvcHCuMAxVzqaTDbQHR rhG5rcVojUrn2310lhZWYy294VMc89W1Vmjc+CBp9uhar+ow4Dv6abd6tJGFLg6x nXFZulKc4BrtbrSfGe9uEamR/IdBF1kZ7H9uUwxELwl0/NRNCmbq0IHMfoLGYYhp w2bI16/R1Kxme0MbgjGAjwIIcX7CQWZXj06q01NvjSesj5mRe64bq1/y+yTkqi3N 57YZuPJ0yhSfnsxhbrengKSMsZXA13D/7rAYOy96M2mKz/PwgVJt3F2M0ZQuBf4U hDPRe+mcHxA8bmWVulYCVbdxXMANPBYFxmTU84H0SZxbWLiRwJkZBePD+2iljyo4 s4iCN/KYh05uc5lGGfPAWbFYYrKJ2jQz9rxJn+leMMo8gQIkcdyu4WWaTFEzzToh py/u06011/fQobZOC0IM/6xOyGSFPo6rjfkHBqw8UwQNMk6yhGDZnlJY5SLAY34e S5VX8IhKiX6vrYu4uh4L4467dMZFyNnSXhNEVg3LAGT362uF6REflbnOSMiPJXtE rqXcjkjgBrKw+D6llt+rZO5DvgAWTv2XQ4mpWjWS3UVhPHgG/q79z2Xxq9FNYtEP JRtO4yibQG2wYhN3V3hH =fcbV -END PGP SIGNATURE- Changes since libxfont-1_1.4.6-1: Alan Coopersmith (7): xstrdup - strdup Replace malloc(strlen)+strcpy/strcat calls with strdup Don't leak old allocation if realloc fails to enlarge it Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() Limit additional sscanf strings to fit buffer sizes libXfont 1.4.7 Julien Cristau (7): Don't put dbg symbols from the udeb in the dbg package. dev package is no longer Multi-Arch: same (closes: #720026). Make serverGeneration unsigned Disable support for connecting to a font server. Merge tag 'libXfont-1.4.7' into debian-unstable Bump changelogs Upload to unstable --- ChangeLog | 126 + configure.ac |7 ++ debian/changelog | 12 debian/control |1 debian/rules |5 + src/FreeType/ftfuncs.c | 17 +++--- src/FreeType/xttcap.c | 23 src/FreeType/xttcap.h |9 --- src/bitmap/bdfread.c | 16 -- src/fontfile/fontdir.c | 10 +-- src/util/atom.c| 20 --- src/util/miscutil.c|2 12 files changed, 185 insertions(+), 63 deletions(-) --- -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0a6b-kr...@moszumanska.debian.org
libxfont: Changes to 'debian-unstable'
ChangeLog | 126 + configure.ac |7 ++ debian/changelog |9 ++- debian/rules |2 src/FreeType/ftfuncs.c | 17 +++--- src/FreeType/xttcap.c | 23 src/FreeType/xttcap.h |9 --- src/bitmap/bdfread.c | 16 -- src/fontfile/fontdir.c | 10 +-- src/util/atom.c| 20 --- src/util/miscutil.c|2 11 files changed, 178 insertions(+), 63 deletions(-) New commits: commit fbf4d196d081e1d793f49d954881db4a249333dc Author: Julien Cristau jcris...@debian.org Date: Tue Jan 7 17:51:34 2014 +0100 Upload to unstable diff --git a/debian/changelog b/debian/changelog index 237833b..16547c9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -libxfont (1:1.4.7-1) UNRELEASED; urgency=low +libxfont (1:1.4.7-1) unstable; urgency=high * New upstream release + CVE-2013-6462: unlimited sscanf overflows stack buffer in @@ -8,7 +8,7 @@ libxfont (1:1.4.7-1) UNRELEASED; urgency=low * Disable support for connecting to a font server. That code is horrible and full of holes. - -- Julien Cristau jcris...@debian.org Tue, 07 Jan 2014 17:48:09 +0100 + -- Julien Cristau jcris...@debian.org Tue, 07 Jan 2014 17:51:29 +0100 libxfont (1:1.4.6-1) unstable; urgency=low commit 386ae3437dfaeab94f0f9fd8b63cbede6dcdf1df Author: Julien Cristau jcris...@debian.org Date: Tue Jan 7 17:51:21 2014 +0100 Bump changelogs diff --git a/ChangeLog b/ChangeLog index 05daa3c..5901d99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,129 @@ +commit 30110063857ff9a5f93f6d8d13f535c9b6e59e2a +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Tue Jan 7 08:22:31 2014 -0800 + +libXfont 1.4.7 + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com + +commit 2a84680376bafd74609c6ef3e38befcb8467d814 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Mon Dec 23 19:01:11 2013 -0800 + +Limit additional sscanf strings to fit buffer sizes + +None of these could currently result in buffer overflow, as the input +and output buffers were the same size, but adding limits helps ensure +we keep it that way, if we ever resize any of these in the future. + +Fixes cppcheck warnings: + [lib/libXfont/src/bitmap/bdfread.c:547]: (warning) + scanf without field width limits can crash with huge input data. + [lib/libXfont/src/bitmap/bdfread.c:553]: (warning) + scanf without field width limits can crash with huge input data. + [lib/libXfont/src/bitmap/bdfread.c:636]: (warning) + scanf without field width limits can crash with huge input data. + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com +Reviewed-by: Matthieu Herrb matth...@herrb.eu +Reviewed-by: Jeremy Huddleston Sequoia jerem...@apple.com + +commit 4d024ac10f964f6bd372ae0dd14f02772a6e5f63 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Mon Dec 23 18:34:02 2013 -0800 + +CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() + +Fixes cppcheck warning: + [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) + scanf without field width limits can crash with huge input data. + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com +Reviewed-by: Matthieu Herrb matth...@herrb.eu +Reviewed-by: Jeremy Huddleston Sequoia jerem...@apple.com + +commit fdcf9a9be6a5d453659beadec5d1a1fdbab9afaf +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Fri Dec 27 11:01:35 2013 -0800 + +Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions + +Required on Solaris to expose definitions in system headers that +are not defined in the XPG standards now that xtrans 1.3 defines +_XOPEN_SOURCE to 600 on Solaris. + +Fixes build failures: +fserve.c: In function 'fs_block_handler': +fserve.c:1210:5: error: 'fd_mask' undeclared (first use in this function) +fserve.c:1210:5: note: each undeclared identifier is reported only once for each function it appears in +In file included from transport.c:67:0, + from fstrans.c:28: +Xtranssock.c: In function '_FontTransSocketINETConnect': +Xtranssock.c:1421:19: error: 'INET6_ADDRSTRLEN' undeclared (first use in this function) +Xtranssock.c:1421:19: note: each undeclared identifier is reported only once for each function it appears in + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com +Reviewed-by: Daniel Stone dan...@fooishbar.org + +commit 0d24378a6f08f5ab594ff552d60cf5f8f74bcb33 +Author: Alan Coopersmith alan.coopersm...@oracle.com +Date: Sat Dec 7 20:11:29 2013 -0800 + +Don't leak old allocation if realloc fails to enlarge it + +In ftfuncs.c, since the buffer being reallocated is a function local +buffer, used to accumulate data for a single run of the function and +then freed at the
libxfont: Changes to 'upstream-unstable'
configure.ac |7 ++- src/FreeType/ftfuncs.c | 17 + src/FreeType/xttcap.c | 23 +-- src/FreeType/xttcap.h |9 - src/bitmap/bdfread.c | 16 src/fontfile/fontdir.c | 10 +++--- src/util/atom.c| 20 src/util/miscutil.c|2 +- 8 files changed, 44 insertions(+), 60 deletions(-) New commits: commit 30110063857ff9a5f93f6d8d13f535c9b6e59e2a Author: Alan Coopersmith alan.coopersm...@oracle.com Date: Tue Jan 7 08:22:31 2014 -0800 libXfont 1.4.7 Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com diff --git a/configure.ac b/configure.ac index 3591a1a..01e7b6e 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXfont], [1.4.6], +AC_INIT([libXfont], [1.4.7], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXfont]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h include/X11/fonts/fontconf.h]) commit 2a84680376bafd74609c6ef3e38befcb8467d814 Author: Alan Coopersmith alan.coopersm...@oracle.com Date: Mon Dec 23 19:01:11 2013 -0800 Limit additional sscanf strings to fit buffer sizes None of these could currently result in buffer overflow, as the input and output buffers were the same size, but adding limits helps ensure we keep it that way, if we ever resize any of these in the future. Fixes cppcheck warnings: [lib/libXfont/src/bitmap/bdfread.c:547]: (warning) scanf without field width limits can crash with huge input data. [lib/libXfont/src/bitmap/bdfread.c:553]: (warning) scanf without field width limits can crash with huge input data. [lib/libXfont/src/bitmap/bdfread.c:636]: (warning) scanf without field width limits can crash with huge input data. Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com Reviewed-by: Matthieu Herrb matth...@herrb.eu Reviewed-by: Jeremy Huddleston Sequoia jerem...@apple.com diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c index e11c5d2..914a024 100644 --- a/src/bitmap/bdfread.c +++ b/src/bitmap/bdfread.c @@ -69,6 +69,7 @@ from The Open Group. #define INDICES 256 #define MAXENCODING 0x #define BDFLINELEN 1024 +#define BDFLINESTR %1023s /* scanf specifier to read a BDFLINELEN string */ static Bool bdfPadToTerminal(FontPtr pFont); extern int bdfFileLineNum; @@ -544,13 +545,18 @@ bdfReadHeader(FontFilePtr file, bdfFileState *pState) unsigned charlineBuf[BDFLINELEN]; line = bdfGetLine(file, lineBuf, BDFLINELEN); -if (!line || sscanf((char *) line, STARTFONT %s, namebuf) != 1 || +if (!line || +sscanf((char *) line, STARTFONT BDFLINESTR, namebuf) != 1 || !bdfStrEqual(namebuf, 2.1)) { bdfError(bad 'STARTFONT'\n); return (FALSE); } line = bdfGetLine(file, lineBuf, BDFLINELEN); -if (!line || sscanf((char *) line, FONT %[^\n], pState-fontName) != 1) { +#if MAXFONTNAMELEN != 1024 +# error need to adjust sscanf length limit to be MAXFONTNAMELEN - 1 +#endif +if (!line || +sscanf((char *) line, FONT %1023[^\n], pState-fontName) != 1) { bdfError(bad 'FONT'\n); return (FALSE); } @@ -633,7 +639,9 @@ bdfReadProperties(FontFilePtr file, FontPtr pFont, bdfFileState *pState) while (*line isspace(*line)) line++; - switch (sscanf((char *) line, %s%s%s, namebuf, secondbuf, thirdbuf)) { + switch (sscanf((char *) line, + BDFLINESTR BDFLINESTR BDFLINESTR, + namebuf, secondbuf, thirdbuf)) { default: bdfError(missing '%s' parameter value\n, namebuf); goto BAILOUT; commit 4d024ac10f964f6bd372ae0dd14f02772a6e5f63 Author: Alan Coopersmith alan.coopersm...@oracle.com Date: Mon Dec 23 18:34:02 2013 -0800 CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() Fixes cppcheck warning: [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) scanf without field width limits can crash with huge input data. Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com Reviewed-by: Matthieu Herrb matth...@herrb.eu Reviewed-by: Jeremy Huddleston Sequoia jerem...@apple.com diff --git a/src/bitmap/bdfread.c b/src/bitmap/bdfread.c index e2770dc..e11c5d2 100644 --- a/src/bitmap/bdfread.c +++ b/src/bitmap/bdfread.c @@ -338,7 +338,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState, charcharName[100]; int ignore; - if (sscanf((char *) line, STARTCHAR %s, charName) != 1) { + if (sscanf((char *) line, STARTCHAR %99s, charName) != 1) { bdfError(bad character name in BDF file\n); goto BAILOUT; /* bottom of function, free and return error */ } commit
Processing of libxfont_1.4.7-1_amd64.changes
libxfont_1.4.7-1_amd64.changes uploaded successfully to localhost along with the files: libxfont_1.4.7-1.dsc libxfont_1.4.7.orig.tar.gz libxfont_1.4.7-1.diff.gz libxfont1_1.4.7-1_amd64.deb libxfont1-udeb_1.4.7-1_amd64.udeb libxfont1-dbg_1.4.7-1_amd64.deb libxfont-dev_1.4.7-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0a7a-0006yh...@franck.debian.org
libxfont_1.4.7-1_amd64.changes ACCEPTED into unstable
Mapping sid to unstable. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 07 Jan 2014 17:51:29 +0100 Source: libxfont Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev Architecture: source amd64 Version: 1:1.4.7-1 Distribution: sid Urgency: high Maintainer: Debian X Strike Force debian-x@lists.debian.org Changed-By: Julien Cristau jcris...@debian.org Description: libxfont-dev - X11 font rasterisation library (development headers) libxfont1 - X11 font rasterisation library libxfont1-dbg - X11 font rasterisation library (debug package) libxfont1-udeb - X11 font rasterisation library (udeb) Closes: 720026 Changes: libxfont (1:1.4.7-1) unstable; urgency=high . * New upstream release + CVE-2013-6462: unlimited sscanf overflows stack buffer in bdfReadCharacters() * Don't put dbg symbols from the udeb in the dbg package. * dev package is no longer Multi-Arch: same (closes: #720026). * Disable support for connecting to a font server. That code is horrible and full of holes. Checksums-Sha1: 8dac4f5a5365ceb43f04c03dc1d86af8c5c51655 2241 libxfont_1.4.7-1.dsc e81a9bb1287e09405293db65677f1b9ce5a64fcc 619372 libxfont_1.4.7.orig.tar.gz 910d520dabe98134bc9dd33266600fc6c7c7aa94 9609 libxfont_1.4.7-1.diff.gz f0df43b62e205ca84751dad3698e06492ef6e632 125516 libxfont1_1.4.7-1_amd64.deb 3bf743b088ab143ef2fcfd5c53a52be06e7d6187 89178 libxfont1-udeb_1.4.7-1_amd64.udeb 14c9d1954df458fec69b827398fe1b3858748cce 204868 libxfont1-dbg_1.4.7-1_amd64.deb 655c5dc565f26ae970d16d602aae72b7b37391d9 158218 libxfont-dev_1.4.7-1_amd64.deb Checksums-Sha256: 67d0049a114cfd92ef220dda17e0693d531e8540df2116fc4912c8351b2ef988 2241 libxfont_1.4.7-1.dsc 23029d9ab79190466169220c202a73e239fdf94a93a250a9d2d5756381b67ad2 619372 libxfont_1.4.7.orig.tar.gz 62fdb4008eb698f45c430d5c69fc9596c6c9dd50d518bdd55228cd65c811dd26 9609 libxfont_1.4.7-1.diff.gz 566fc94bdf29b3d6adbe6284a5022a8c484e7aa72bbc7ed8b21be72f4eb05c65 125516 libxfont1_1.4.7-1_amd64.deb 93c6c5f1e5e4924ac6b6827246e9dafd76cb0127e111ca16d0c19807a556fb97 89178 libxfont1-udeb_1.4.7-1_amd64.udeb f20b58eac34dff32633a4d3c86ae61ab387d7a8cfa9cd7cb04a9db07731845b5 204868 libxfont1-dbg_1.4.7-1_amd64.deb 02fa42ceda7f97ebcd81ed36f0c05ca0656b94a848c7bba5205418ff98f27798 158218 libxfont-dev_1.4.7-1_amd64.deb Files: e10127da150a1254896d2f77e549f0ee 2241 x11 optional libxfont_1.4.7-1.dsc f265a3753386026414dab4408b7a74be 619372 x11 optional libxfont_1.4.7.orig.tar.gz 33b8ee20d9e260b69f959a17045b0784 9609 x11 optional libxfont_1.4.7-1.diff.gz d012c751f8bab68900c6ea6563e6f8dc 125516 libs optional libxfont1_1.4.7-1_amd64.deb b375b7312f57a95945e9e3185321b3ac 89178 debian-installer optional libxfont1-udeb_1.4.7-1_amd64.udeb e014ba682ac88ec2f859df184b820df5 204868 debug extra libxfont1-dbg_1.4.7-1_amd64.deb bdb0544e0db1d78de11e9c9680e8fc62 158218 libdevel optional libxfont-dev_1.4.7-1_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSzDPxAAoJEDEBgAUJBeQMDR0P/3+P6TAzAXIkYTXgQnk/MOWD MAwZaXCM2yF7Wf4DzlkBoF/7YAcoFo7w2NyY2X/CrVHhfW2+fywQx4b7PCUoKVwd au1nOA3j4QFa4S+QEOtea+TqeG28R7Y6+MXAN53EjS/J2ZkCaw/SZEnefIY9db9g lvZ+q2hsENDE5n6tHxoQ8rx1Z8Cvz+qDk9O1/SxX1IYBcHroOKc2DR4qZte0+Gig srJB+X5TOoqOauRdn113EKFIY8vqRLXeBdpkAToEVil95hQ9riY9vgfHv7/bTyfE DH/Wy8nzB76OgrHUdXuEAdMuswdSzTDWc0hh5dL2xvSum0lHvuB6dRq2NcVl1Ue/ GBwvogb+EHb3N0yEFfwPVoeockfCKylQ2MhbMSKZyDLILO6BriIAVrrfPyhhPBXf CgDTV1w/2yO5HDOa9tgTE5SnB9nyFDOzbmbYyUULXiIoUx0opbvtB+iNDYBcEksX Kd3g/Ewh0PiU9uMFqyJ6MTL7oHEL5l/OKYejUjI9zSVvhOmtNoXFeeixvYVyFx9g aZXAinqfp3pfnJ/+6AsNQMwhDAZkFPzI6bjfGhqMY1lbMFJWBs1uiDiIG2XzP1bk T8dFAYvsa5DwE11PdLGMAQ70K9nrQmwenjrV3b5CNL8CQ3PikPoCbMwpoumi6nRA YqI7gZAl1ZsFhpw0gvoy =aKv/ -END PGP SIGNATURE- Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0aio-pa...@franck.debian.org
libxfont: Changes to 'debian-squeeze'
debian/changelog | 6 ++ debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch | 28 ++ debian/patches/series | 1 3 files changed, 35 insertions(+) New commits: commit eaa97effca85c48025b44fc27c726f558cc25498 Author: Julien Cristau jcris...@debian.org Date: Thu Dec 26 21:36:54 2013 +0100 unlimited sscanf can overflow stack buffer in bdfReadCharacters() diff --git a/debian/changelog b/debian/changelog index bab3e01..2e4ddb6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libxfont (1:1.4.1-4) squeeze-security; urgency=high + + * unlimited sscanf can overflow stack buffer in bdfReadCharacters() + + -- Julien Cristau jcris...@debian.org Thu, 26 Dec 2013 21:36:57 +0100 + libxfont (1:1.4.1-3) squeeze-security; urgency=high * Fix LZW decompression heap corruption (CVE-2011-2895). diff --git a/debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch b/debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch new file mode 100644 index 000..fa5f72d --- /dev/null +++ b/debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch @@ -0,0 +1,28 @@ +From b07483b605e77ea475b97d5dc829a7d5eb10a5d6 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith alan.coopersm...@oracle.com +Date: Mon, 23 Dec 2013 18:34:02 -0800 +Subject: [PATCH:libXfont 1/2] CVE-2013-: unlimited sscanf can overflow + stack buffer in bdfReadCharacters() + +Fixes cppcheck warning: + [lib/libXfont/src/bitmap/bdfread.c:341]: (warning) + scanf without field width limits can crash with huge input data. + +Signed-off-by: Alan Coopersmith alan.coopersm...@oracle.com +--- + src/bitmap/bdfread.c |2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libxfont/src/bitmap/bdfread.c +=== +--- libxfont.orig/src/bitmap/bdfread.c libxfont/src/bitmap/bdfread.c +@@ -341,7 +341,7 @@ bdfReadCharacters(FontFilePtr file, Font + charcharName[100]; + int ignore; + +- if (sscanf((char *) line, STARTCHAR %s, charName) != 1) { ++ if (sscanf((char *) line, STARTCHAR %99s, charName) != 1) { + bdfError(bad character name in BDF file\n); + goto BAILOUT; /* bottom of function, free and return error */ + } diff --git a/debian/patches/series b/debian/patches/series index e69de29..756d521 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0aoo-0002pl...@moszumanska.debian.org
libxfont: Changes to 'refs/tags/libxfont-1_1.4.1-4'
Tag 'libxfont-1_1.4.1-4' created by Julien Cristau jcris...@debian.org at 2014-01-07 17:23 + Tagging upload of libxfont 1:1.4.1-4 to squeeze-security. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJSzDgmAAoJEDEBgAUJBeQMJI4P/0z78onM8TGypwrPJstORcfN L+B28zNjlNxSXCefTijHe6bhtpsCrEb+YBJm1TpJ5YjOhBcxzkBY/H9V5YGBt/4w WFZWYD+6Oe1ZMcHtENfHTDHZBxTX0fKSjf/pt9aq+xrhDshVK8MwPLIXv+IA28+g NKPZpVaM6IgYhPrIs6uC/WmmME4RnndkYbeZFOugokWDe2SiUc0EEnqJKBR4y/BU cy7BBat9TwWczfpWmpVkrhPgJZxG3h2TV5Rca+YI1TOnWw9wTsCKLig0vJ2p/s60 /sWFsIZJgly7bATFkn2OxE+p261bHGMSczySco8stE+up3qaHqdDl9AzVotH0Nno qFM3YTmO1qtA90ph39lhPfGIFPjH5VN1smsTmT2AvysFuNINAFOQEkbOHWq1wunZ HreTXfpNY6sjfPLJwnr6S+UzybsVbss9ze/BU2+EFR0zcXftRMgYMdUmZhyDsNkI FfU/H9yaUuD4NcYvAVQn1K6MDxUteXUcLncm9kf2ssF5gQDsfNBvHR7hBSkMc+Mm llSOjJFcFxYoRKr4ctSvq1ot7G+SCiKZJXqDrfXq48evdU/4ohavpGi1iHQHQ0Xz rJKoewhr8AJDer5FGMfxWa9yK92A3EczBTaxG1SAsUXAt6tdaRmNwQrVUuU1/UA7 6wh28DCi1AP7Tb40ycOB =q9Pb -END PGP SIGNATURE- Changes since libxfont-1_1.4.1-3: Julien Cristau (1): unlimited sscanf can overflow stack buffer in bdfReadCharacters() --- debian/changelog | 6 ++ debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch | 28 ++ debian/patches/series | 1 3 files changed, 35 insertions(+) --- -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0aoo-0002pt...@moszumanska.debian.org
libxfont: Changes to 'debian-wheezy'
New branch 'debian-wheezy' available with the following commits: commit 90f0acd40e9125abcb81bda05fcdfbede70b8880 Author: Julien Cristau jcris...@debian.org Date: Thu Dec 26 21:55:28 2013 +0100 unlimited sscanf can overflow stack buffer in bdfReadCharacters() -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0apk-0003bz...@moszumanska.debian.org
libxfont: Changes to 'refs/tags/libxfont-1_1.4.5-3'
Tag 'libxfont-1_1.4.5-3' created by Julien Cristau jcris...@debian.org at 2014-01-07 17:25 + Tagging upload of libxfont 1:1.4.5-3 to wheezy-security. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJSzDijAAoJEDEBgAUJBeQMx9UP/2UAoARHfjLhWHVqU2BmtW/N SUzE5VDjbNMVH1SuCNXR/d5vAyxjVp41UvvtmtAyK2mNoJoZGlehBX1YLcBkd/xU ia0UFfsBTZqgfJpztex/TQCja7LbB1RrSfrRDWnYxDazf76aXvuPvHLTARsXSuq7 KRXs/tEFUCBgZanrZbhh91GkfRT31RlNjiWf548sFiRZZ8e6FZixmET+W+h+xLNQ RKQD7jrZbNofm+AJg45q31BlQLkUjTSaXJRTeK3IIKHze2bkpHQfgXhR0+sLKZ/7 +8Y6Lhvs6Rg7ur3bx/tAmMSuZinCWlQMxiwPcv+P72n+x1MkVppfGhnw80THVkMP kH6c7DxDcF4ozupQlRzrWuV94Qh7ypeG7jy6PXsHcHWMXKDDYa4GtPM1icuaYQUH ogDqWXcntnUfyubKCoH/Q0NTb9T/ByRY8VeDQ8j8jcgLggBQkBIFBX6mDCLv3Gfr kygOMrYli23I1pVDie949p21/sRBAkxKylyAAjjAcPg8SSdPka2M0V0AmErThHKU SLxrdVvmLzZ4k4NOP18ExUg/unSAzFhRnUlRYbPn5WYRjHr6a4GXU8lI0+1Yvw6B OUOr5P07J1rQa4MWCsrZJeRWokf/c4I4UAomo5C93tKLwRjCmaBdgym4maSYXcpl mBbT2RlHH35+8+/aE+dB =V0bh -END PGP SIGNATURE- Changes since libxfont-1_1.4.5-2: Julien Cristau (1): unlimited sscanf can overflow stack buffer in bdfReadCharacters() --- debian/changelog | 6 + debian/patches/CVE-2013--unlimited-sscanf-can-overflow-stack-bu.patch | 31 ++ debian/patches/series | 1 3 files changed, 38 insertions(+) --- -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0apk-0003cb...@moszumanska.debian.org
Processing of libxfont_1.4.5-3_amd64.changes
libxfont_1.4.5-3_amd64.changes uploaded successfully to localhost along with the files: libxfont_1.4.5-3.dsc libxfont_1.4.5.orig.tar.gz libxfont_1.4.5-3.diff.gz libxfont1_1.4.5-3_amd64.deb libxfont1-udeb_1.4.5-3_amd64.udeb libxfont1-dbg_1.4.5-3_amd64.deb libxfont-dev_1.4.5-3_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0af6-0004ut...@franck.debian.org
libxfont_1.4.1-4_amd64.changes ACCEPTED into oldstable-proposed-updates-oldstable-new
Mapping oldstable-security to oldstable-proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 26 Dec 2013 21:36:57 +0100 Source: libxfont Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev Architecture: source amd64 Version: 1:1.4.1-4 Distribution: squeeze-security Urgency: high Maintainer: Debian X Strike Force debian-x@lists.debian.org Changed-By: Julien Cristau jcris...@debian.org Description: libxfont-dev - X11 font rasterisation library (development headers) libxfont1 - X11 font rasterisation library libxfont1-dbg - X11 font rasterisation library (debug package) libxfont1-udeb - X11 font rasterisation library (udeb) Changes: libxfont (1:1.4.1-4) squeeze-security; urgency=high . * unlimited sscanf can overflow stack buffer in bdfReadCharacters() Checksums-Sha1: ad155096ea76941d8d6e3b67da51266ed01a3dae 2103 libxfont_1.4.1-4.dsc 40c9df426f6a8a134efd9878c96d1235943e26d2 19924 libxfont_1.4.1-4.diff.gz e125d45a570b7f389c13bc52bb45068d05b60bc8 153492 libxfont1_1.4.1-4_amd64.deb 32c983906d0288bce0af0fd3f7b766dca25b8589 127704 libxfont1-udeb_1.4.1-4_amd64.udeb 0cf98afce4ddf20d8f22fa8b9bbbeb8768c61345 224226 libxfont1-dbg_1.4.1-4_amd64.deb eeda88bb336338048160d656c90eff1757d4bc03 203416 libxfont-dev_1.4.1-4_amd64.deb Checksums-Sha256: 4b357174986f0e956da88dfc9343ec60cdd5176cba51ade8fe290e4d00e5505b 2103 libxfont_1.4.1-4.dsc 0924712ae88158e2fbcbb6fd519e5bb7fe3b2063462bb6a53dff852c6d8f32f4 19924 libxfont_1.4.1-4.diff.gz c58e2a9b12a6967d2280e53e3febcba437222d9c81995188a89bd14fcf8c47e2 153492 libxfont1_1.4.1-4_amd64.deb 679ca518f2f0c5ca5ce8a38bd198d82282bff2ebeedef440f059fcc4374cdc9e 127704 libxfont1-udeb_1.4.1-4_amd64.udeb 2e549dce5d01455da4cdafb0415d3ef1917fbaefbfc51495b3604baa2ea71b49 224226 libxfont1-dbg_1.4.1-4_amd64.deb 987058991fc572c38c6e2b67d21d121bf50c6dac00dc91d03b359eed21efc63a 203416 libxfont-dev_1.4.1-4_amd64.deb Files: 4b1f2c8b7f3cd9f91d997d5005e9a82d 2103 x11 optional libxfont_1.4.1-4.dsc ac17c5a9558853e210123b7a9eee2d72 19924 x11 optional libxfont_1.4.1-4.diff.gz 7f9d39f09cc598ad5c5dc93615fcb476 153492 libs optional libxfont1_1.4.1-4_amd64.deb c66e919cc24d6cf5b41c5fa9638b4167 127704 debian-installer optional libxfont1-udeb_1.4.1-4_amd64.udeb 8a3d2e2b354039cf0576dfb2e81a66b7 224226 debug extra libxfont1-dbg_1.4.1-4_amd64.deb a75b8b5feb1f49788db30e28d305ea17 203416 libdevel optional libxfont-dev_1.4.1-4_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSvJrfAAoJEDEBgAUJBeQM++4QAMUlPUYbRV8P+MZMFja1NVVl T29IOQZsMbJFOvcvnprMEufh7FGaUQFF8PRmT0UwSLSNV/A6wCNljcRZ0ldgcPam 67Q3yUGjVlyHhjLtu+6s/HfvYDpEnwvprwkXyTBXPsmfXxe+06lIYhvSZM6rnmpE P7NEDb8TKP81tbkTk/64H7ALHuZlMTnVOwdqjB4pdllKojaw29QH8G91/H9PeqvL NdbG2zXvcXuzquFCNhoNlFjQxhvSnZish4ZOfwua8dB2+KEWxbXfgNpcqmVsqIS3 1v0hJghs4VRzjxH+w+HdeMLR3Rz3qwx9bC8oEe2VC4loGUu6032z3KRkqlRFX9EK Ep5J0uKGp2dlnJd4IlQjUTOpq547StcKKYfruOrnv2Q5YawHh7lyUcoZ7VIxOkx0 7avwkouhVT4+3wxlFVYmto3FVK3nWoLI+625dJxkCIyQGYYPwrlh41/D/m4r ihrEiajeGnjm9s4rjn9HFidodOFm6H9xpmzIA7x/LQ3EV26t9P6KSHkG7FZT8ysC hVM3fMmzw8jAp2B2y1MP+q2HxewW2+UQCajnMeceyZhY/xTG6jjPbWnaFQ7dNzj9 U/iQ3cJLBk/WJAG9Nog8E7Ybd85f04ayBleK4gAEkxbwesmrro0F3+DP6zhy0IJh M5zWkP3ULW25PSP3avAH =LtOV -END PGP SIGNATURE- Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0alm-0006kv...@franck.debian.org
libxfont_1.4.5-3_amd64.changes ACCEPTED into proposed-updates-stable-new
Mapping stable-security to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 26 Dec 2013 21:54:48 +0100 Source: libxfont Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev Architecture: source amd64 Version: 1:1.4.5-3 Distribution: wheezy-security Urgency: high Maintainer: Debian X Strike Force debian-x@lists.debian.org Changed-By: Julien Cristau jcris...@debian.org Description: libxfont-dev - X11 font rasterisation library (development headers) libxfont1 - X11 font rasterisation library libxfont1-dbg - X11 font rasterisation library (debug package) libxfont1-udeb - X11 font rasterisation library (udeb) Changes: libxfont (1:1.4.5-3) wheezy-security; urgency=high . * unlimited sscanf can overflow stack buffer in bdfReadCharacters() Checksums-Sha1: 62deab40b13c99bd52b2cd77d2f86df418c99c02 2237 libxfont_1.4.5-3.dsc 9b88310bac0a81783789a62f426202a921bab5ee 593436 libxfont_1.4.5.orig.tar.gz 7acf9b1bee1ff808b2f676504b5cb1e9f1c93c18 9884 libxfont_1.4.5-3.diff.gz 8858626b29ef67cb0b27c34a6f308c4d511f448b 163562 libxfont1_1.4.5-3_amd64.deb db61df19ac4006ecd340fe0915f29b81a8bfda6b 110928 libxfont1-udeb_1.4.5-3_amd64.udeb b7a9b50d0316973722f04c0f0b8665fd8686b8f8 331050 libxfont1-dbg_1.4.5-3_amd64.deb 0c3c40a222ab25b3683cac609161cc9881dcf07b 215630 libxfont-dev_1.4.5-3_amd64.deb Checksums-Sha256: 807fd5e07cddce72ed5dedaf2e5874794e199b8cace2193acad60ebb87c18995 2237 libxfont_1.4.5-3.dsc d0eaa0b180b09986532ef4c2eba94a77c246fce7b8f263b8c45bb6dae30dc4e0 593436 libxfont_1.4.5.orig.tar.gz af199e845ee0f6a0c79268b621cab3d02049418a7ce685844c8417e371cb68bf 9884 libxfont_1.4.5-3.diff.gz f7901d9c6a3014a2d438c14a5b7f6949d1bb8bfcda05d0fa03b002a2acf0791a 163562 libxfont1_1.4.5-3_amd64.deb f78bec0a6b5bfaa6ecc728523b79c6acfed015a3dc207db265f8564a1fb0d145 110928 libxfont1-udeb_1.4.5-3_amd64.udeb 1b3bf1e318eed7fe8a7bbf3a94176785340df0d633f687ef8c8f84b7222cff57 331050 libxfont1-dbg_1.4.5-3_amd64.deb 86cd6df17b6860aa4115d9a1f15b3bc5846767178c91eb8015670ebf1d6e1257 215630 libxfont-dev_1.4.5-3_amd64.deb Files: d5281676928d3e70e1d8e681c7fad184 2237 x11 optional libxfont_1.4.5-3.dsc a54dea0debecf232a346c22e71d76836 593436 x11 optional libxfont_1.4.5.orig.tar.gz d9ade5bdf2dd039aa5e4679289caee56 9884 x11 optional libxfont_1.4.5-3.diff.gz 142771a5479c3a9f7602f2f4405f9b21 163562 libs optional libxfont1_1.4.5-3_amd64.deb 66dc79b3eb18021cf8ed0797ca0b488d 110928 debian-installer optional libxfont1-udeb_1.4.5-3_amd64.udeb 7be1ebe37aa9a76959c91541637bb45f 331050 debug extra libxfont1-dbg_1.4.5-3_amd64.deb caf49c2526f1f42f3de4ea06f1c7a7c0 215630 libdevel optional libxfont-dev_1.4.5-3_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSvJrrAAoJEDEBgAUJBeQMZQUQAK9a0cO5zwHBskWonsoFK4kt uDDyeJtZdtGvi8VwxlRNVUY6rO2vuamXjFbpvJ/6H+7Iq1W9TADDWcjv2KjUbdav t/Pd/TEU5tOu/5iZeKnChPcS/6V7z2S9AwnSa1Z5sTeR701h7ywXw+3tCPuUqtik gx3KkwGQS2nATz7lRHyR6DKrE4AtEkGwdwMKUy4gJjacIdg5mTtimjkBG8ZrMHM6 ZlWdKz62+HV3jPlx6BYJpNZXO2xzTOBn1QjnFHmcRL+eZi53xExPpSsxFIkW4tsf bowN6VSpqzIsMIU2bOmr9WjyXTXleeHfYuwjUUhaExqXyCUJkVBbvFy1HSQuhYS8 6IXTVKxHF0fsgL1B56QBO7gIVe1Puk7FLsdazmrsOfI6xy7X8lWpY6B6vGDQmcXT 9pE6tUVAYM0fTKe6uqHLgyjoNEc9e2gdG5FkQaYREFxjjwnZUcGreBKVuN5gz80H Rht4HMJmAV4MsFKQI2XLrE2djlqUvC/0GL8X9ZrhfWeGn+DWlv3C1FdTWLwf0VBt 4djeDcdcdHyIf6tm4IYhQjo8QWd85xuVIFXFjXLVVFuwG5M2XmkhAiiwblLj+BXP CShYjmeMy2EnsVtjq7pcR59JlOwOd3x6J7KXE5MPxa2k+BY9s4mBMW0LzZiDWm/6 mOcVMnOUbgJjsqEgsYd3 =nkbz -END PGP SIGNATURE- Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0alv-0006tp...@franck.debian.org
Processing of libxfont_1.4.1-4_amd64.changes
libxfont_1.4.1-4_amd64.changes uploaded successfully to localhost along with the files: libxfont_1.4.1-4.dsc libxfont_1.4.1-4.diff.gz libxfont1_1.4.1-4_amd64.deb libxfont1-udeb_1.4.1-4_amd64.udeb libxfont1-dbg_1.4.1-4_amd64.deb libxfont-dev_1.4.1-4_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1w0ajz-0005h4...@franck.debian.org