This release of libXfont provides the fixes for today's security advisory about BDF font parsing bugs. Like libXfont 1.5.0, it requires fontsproto 2.1.3 or later and will not build cleanly with older versions.
Alan Coopersmith (6): Remove unneeded checks for #ifndef X_NOT_POSIX Use 'imdent' to realign cpp indentation levels in fslibos.h bdfReadProperties: property count needs range check [CVE-2015-1802] bdfReadCharacters: bailout if a char's bitmap cannot be read [CVE-2015-1803] bdfReadCharacters: ensure metrics fit into xCharInfo struct [CVE-2015-1804] libXfont 1.5.1 Christos Zoulas (1): Set close-on-exec for font file I/O. git tag: libXfont-1.5.1 http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.1.tar.bz2 MD5: 96f76ba94b4c909230bac1e2dcd551c4 SHA1: e63a354de5dc2d8cba08d50add1519471412a618 SHA256: b70898527c73f9758f551bbab612af611b8a0962202829568d94f3edf4d86098 PGP: http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.1.tar.bz2.sig http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.1.tar.gz MD5: 8b621c4a57c114eb07eb4977e3106f9f SHA1: f85d51d7b26c66bf84b1c1394f282127d9bad12a SHA256: 7c65c8ac581a162ff4c8cd86c1db9e9f425132eb65b1cba0c9e905c6cb8a45f5 PGP: http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.5.1.tar.gz.sig -- -Alan Coopersmith- alan.coopersm...@oracle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
pgp99Axv_ReZS.pgp
Description: PGP signature
_______________________________________________ xorg-announce mailing list xorg-announce@lists.x.org http://lists.x.org/mailman/listinfo/xorg-announce