← Back to branch summary

~ubuntu-branches/ubuntu/utopic/libxfont/utopic-proposed

~ubuntu-branches/ubuntu/utopic/libxfont/utopic-proposed

Viewing all changes in revision 33.

Committer: Package Import Robot
Author(s): Julien Cristau
Date: 2014-05-13 17:25:49 UTC
Revision ID: package-import@ubuntu.com-20140513172549-0tospr47im3q9bej

Tags: 1:1.4.7-2

http://bugs.debian.org/746052

* Pull from upstream git to fix FTBFS with new fontsproto (closes: #746052)
* CVE-2014-0209: integer overflow of allocations in font metadata
* CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
* CVE-2014-0211: integer overflows calculating memory needs for xfs replies
* Add breaks on xfs because we broke it by disabling font protocol support
in 1.4.7.

files added:
debian/patches

debian/patches/0001-CVE-2014-XXXA-integer-overflow-of-realloc-size-in-Fo.patch

debian/patches/0002-CVE-2014-XXXA-integer-overflow-of-realloc-size-in-le.patch

debian/patches/0003-CVE-2014-XXXB-unvalidated-length-in-_fs_recv_conn_se.patch

debian/patches/0004-CVE-2014-XXXB-unvalidated-lengths-when-reading-repli.patch

debian/patches/0005-CVE-2014-XXXC-Integer-overflow-in-fs_get_reply-_fs_s.patch

debian/patches/0006-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_q.patch

debian/patches/0007-CVE-2014-XXXC-integer-overflow-in-fs_read_extent_inf.patch

debian/patches/0008-CVE-2014-XXXC-integer-overflow-in-fs_alloc_glyphs.patch

debian/patches/0009-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_e.patch

debian/patches/0010-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_g.patch

debian/patches/0011-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_l.patch

debian/patches/0012-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_l.patch

debian/patches/series

files modified:
ChangeLog

README

configure.ac

debian/changelog

debian/control

include/X11/fonts/fntfil.h

include/X11/fonts/fontmisc.h

src/FreeType/ftfuncs.c

src/FreeType/xttcap.c

src/bitmap/bitscale.c

src/builtins/builtin.h

src/builtins/dir.c

src/builtins/file.c

src/builtins/fpe.c

src/fc/fsconvert.c

src/fc/fserve.c

src/fc/fserve.h

src/fontfile/bufio.c

src/fontfile/catalogue.c

src/fontfile/dirfile.c

src/fontfile/fontfile.c

src/util/patcache.c

Show diffs side-by-side

added added

removed removed

debian/changelog

debian/patches/

debian/patches/0001-CVE-2014-XXXA-integer-overflow-of-realloc-size-in-Fo.patch

debian/patches/0002-CVE-2014-XXXA-integer-overflow-of-realloc-size-in-le.patch

debian/patches/0003-CVE-2014-XXXB-unvalidated-length-in-_fs_recv_conn_se.patch

debian/patches/0004-CVE-2014-XXXB-unvalidated-lengths-when-reading-repli.patch

debian/patches/0005-CVE-2014-XXXC-Integer-overflow-in-fs_get_reply-_fs_s.patch

debian/patches/0006-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_q.patch

debian/patches/0007-CVE-2014-XXXC-integer-overflow-in-fs_read_extent_inf.patch

debian/patches/0008-CVE-2014-XXXC-integer-overflow-in-fs_alloc_glyphs.patch

debian/patches/0009-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_e.patch

debian/patches/0010-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_g.patch

debian/patches/0011-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_l.patch

debian/patches/0012-CVE-2014-XXXB-unvalidated-length-fields-in-fs_read_l.patch

debian/patches/series

include/X11/fonts/fntfil.h

include/X11/fonts/fontmisc.h

src/FreeType/ftfuncs.c

src/FreeType/xttcap.c

src/bitmap/bitscale.c

src/builtins/builtin.h

src/builtins/dir.c

src/builtins/file.c

src/builtins/fpe.c

src/fc/fsconvert.c

src/fc/fserve.c

src/fc/fserve.h

src/fontfile/bufio.c

src/fontfile/catalogue.c

src/fontfile/dirfile.c

src/fontfile/fontfile.c

src/util/patcache.c

Older »