-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 07 Oct 2017 09:23:56 +0100 Source: libxfont Binary: libxfont1 libxfont1-udeb libxfont1-dbg libxfont-dev Architecture: source amd64 Version: 1:1.4.5-5+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libxfont-dev - X11 font rasterisation library (development headers) libxfont1 - X11 font rasterisation library libxfont1-dbg - X11 font rasterisation library (debug package) libxfont1-udeb - X11 font rasterisation library (udeb) Changes: libxfont (1:1.4.5-5+deb7u1) wheezy-security; urgency=high . * CVE-2017-13720: If a pattern contained a '?' character any character in the string is skipped even if it was a '\0'. The rest of the matching then read invalid memory. * CVE-2017-13722: A malformed PCF file could cause the library to make reads from random heap memory that was behind the `strings` buffer, leading to an application crash or a information leak. Checksums-Sha1: cb4572bf34034bd25273b22fa378b9d4c1141ade 2267 libxfont_1.4.5-5+deb7u1.dsc 9b88310bac0a81783789a62f426202a921bab5ee 593436 libxfont_1.4.5.orig.tar.gz bde5b60ae048562bb761c0765eb2876a53a2f5e2 20298 libxfont_1.4.5-5+deb7u1.diff.gz 1dab0f1d1d44ca6fad2c16ff8f568245f3c896df 165130 libxfont1_1.4.5-5+deb7u1_amd64.deb 12c28b086be849c78c99a8906022b8e8460d1e31 112126 libxfont1-udeb_1.4.5-5+deb7u1_amd64.udeb 3aa95e82dd14ef218b71869185248bbc1f3d86b6 331518 libxfont1-dbg_1.4.5-5+deb7u1_amd64.deb 8bd49c5c868b30235e1f8ff3280ec08cbfdd17be 217730 libxfont-dev_1.4.5-5+deb7u1_amd64.deb Checksums-Sha256: e21eeecbde1d03a1354b23009d205724a72e29a165fc8892ef2b878b89ad4551 2267 libxfont_1.4.5-5+deb7u1.dsc d0eaa0b180b09986532ef4c2eba94a77c246fce7b8f263b8c45bb6dae30dc4e0 593436 libxfont_1.4.5.orig.tar.gz 5434575190c2ee8ea15a426f4044d0391fa40e5202aca64f535d598329590170 20298 libxfont_1.4.5-5+deb7u1.diff.gz 90d4fdc640fe547a06e110a0003968104894ab59f1bacd78f79efcc5fe60bd17 165130 libxfont1_1.4.5-5+deb7u1_amd64.deb f84b985fd29fc1519608a7e3a467e1ee02a83552ada394dadb3153aee9d42e24 112126 libxfont1-udeb_1.4.5-5+deb7u1_amd64.udeb 0e9de6adfe9f43b9047e04f57a048f2d884c225997e610645f7fa9b570572fa8 331518 libxfont1-dbg_1.4.5-5+deb7u1_amd64.deb 0b65effda4feb6b570e3c942a1bdf919cf7c9ad52e258fc21b689449adad596e 217730 libxfont-dev_1.4.5-5+deb7u1_amd64.deb Files: eac8b59c7610532450dea396233dd576 2267 x11 optional libxfont_1.4.5-5+deb7u1.dsc a54dea0debecf232a346c22e71d76836 593436 x11 optional libxfont_1.4.5.orig.tar.gz 5779b1fae6f61f389e2a1f645b24e485 20298 x11 optional libxfont_1.4.5-5+deb7u1.diff.gz 20ff7312361f65d051c863bf5d38b234 165130 libs optional libxfont1_1.4.5-5+deb7u1_amd64.deb 0d35a7e727a618d4b0db6f5b6dc1c9cc 112126 debian-installer optional libxfont1-udeb_1.4.5-5+deb7u1_amd64.udeb 89515149d235a4b592be1b3158e258a8 331518 debug extra libxfont1-dbg_1.4.5-5+deb7u1_amd64.deb 68660ebc61494ee99b6452fc648b3684 217730 libdevel optional libxfont-dev_1.4.5-5+deb7u1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlnYmSAACgkQHpU+J9Qx Hlj0Xg/9EhedOs0j343Nw7gq50AFg9DR+gNo4zEZmUlKOByKqmyzuWBQUqSHQYO9 /HkVlegHR70JLWq0HQFhQ5TLOcG0JuCQek3xWMit+xcoFZCIddZSWTlUE6vmV4tX kSbO7ZUDHR/q7T/3e2LuXkeugryMRTxZVIkwhOJpcB7LrK22ElNfa4//avYoDHH2 zXYeZGJv0fDezBfBdNlKKzOO9PpDTynfGJOBclaP54T/+Vf/eeJ0yrfLwSDY/JD3 PtXC0X/P61lmYlLlqrfsLJavH8cB2TdZD1qQbA5v+zevWAYQBQxh81hdd7yoi1QX 0w/XtkWhYVHDxDv518kh+H4vfnyasG5Qw/tzP3CMwbvTpX4GrkHGFJWQgPxuDFO7 cQln/5yUqhJsIgpXhBwcqOH+bWt7oMFe3LccHZYqtnGAymZcXCS1Ym8cqsS1VVBL tpn8b/Pvder+kYZtXL66nDemOaCkylSyko9NU+N8Ti88qytW9PQ7fFkFfvn8Kkmv 2HnmlTtX72BfcZSBA6ZfeDaPcGd0bOZrmd/gO1G/J9ILH3zn0GSww/48XwE6TXCP aYOieIgbzD1MazhfTvJXLLttixJyDumJImLgEIKEHvyBK36Q+fllnUCepntLdkhP UFkaBZnpzePia3lq1dIMFJxBmLZcngQbUJUgE5b5RV265teLe1A= =EFSI -----END PGP SIGNATURE-----