On Sun, 2006-08-20 at 00:11 +0200, Frans Pop wrote:
> On Thursday 17 August 2006 00:45, Drew Parsons wrote:
> > a security patch has been applied to libxfont in unstable (libxfont
> > 1:1.2.0-2). The bug relates to broken pcf font files and is referenced
> > in CVE-2006-3467.
> >
> > It may possibly be appropriate to consider applying
> > 10_freetype_buffer_overflow.patch as well.
>
> As sometime stable release manager for XFree86, I have prepared an update
> incorporating both patches. The debdiff against current stable is
> attached.
>

Thanks Frans.

> Drew:
> - is it correct there is no CVE number associated with the second patch?

That's correct. Although it fixes a buffer overrun, the upstream authors
consider it non-exploitable. You could therefore consider it optional in
regards to patching stable.

> - any way to test if the vulnerabilities are actually fixed?

The upstream bug report at
https://bugs.freedesktop.org/show_bug.cgi?id=7535 contains a broken font
attached at https://bugs.freedesktop.org/attachment.cgi?id=6230 .
This font is supposed to trigger the bug, although I did not test it
explicitly for the version in unstable; I simply applied the patch.

The procedure for testing, after placing the font in ~/badfont, is

    xset +fp ~/badfont/
    xfontsel

which triggers a SIGSEGV in strlen().

Thanks for the help,
Drew

