Hello, I've just noticed that the libxfont backport for squeeze is out-of-date:

| libxfont | 1:1.2.2-2.etch1   | etch-security     | source
| libxfont | 1:1.2.2-2.etch1   | etch              | source
| libxfont | 1:1.3.3-1         | lenny             | source
| libxfont | 1:1.3.3-2         | lenny-p-u         | source
| libxfont | 1:1.3.3-2         | lenny-security    | source
| libxfont | 1:1.4.1-2         | squeeze           | source
| libxfont | 1:1.4.1-3         | squeeze-p-u       | source
| libxfont | 1:1.4.1-3         | squeeze-security  | source
| libxfont | 1:1.4.3-2~bpo60+1 | backports/squeeze | source <<
| libxfont | 1:1.4.4-1         | wheezy            | source <<
| libxfont | 1:1.4.4-1         | sid               | source

The update from 1:1.4.3-2 to 1:1.4.4-1 contained security fixes, so
probably the libxfont backport should be updated, too.

(quoted changelog for easy reference)

| libxfont (1:1.4.4-1) unstable; urgency=high
|
|   [ Julien Cristau ]
|   * Drop Pre-Depends on x11-common (only needed for upgrades from the
|     monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).
|
|   [ Cyril Brulebois ]
|   * New upstream release:
|     - LZW decompress: fix for CVE-2011-2895. From the commit message:
|       “Specially crafted LZW stream can crash an application using libXfont
|       that is used to open untrusted font files. With X server, this may
|       allow privilege escalation when exploited.”
|   * Set urgency to “high” accordingly.
|   * Update debian/copyright from upstream COPYING.
|   * Bump xorg-sgml-doctools build-dep.
|   * Drop xorg.css from .install, no longer shipped upstream.
|
|  -- Cyril Brulebois <[email protected]>  Thu, 11 Aug 2011 11:17:16 +0200

It'd be great if you could upload an updated package to backports.
Recompiling against bpo seems to still work.

greetings,
youam

