Package        : libxfont
Version        : 1:1.4.5-5+deb7u1
CVE IDs        : CVE-2017-13720 CVE-2017-13722

It was discovered that there were two vulnerabilities in libxfont, the
library providing font selection and rasterisation:

 * CVE-2017-13720: If a pattern contained a '?' character, any
   character in the string was skipped, even if it was a '\0'. The
   rest of the matching then read invalid memory.

 * CVE-2017-13722: A malformed PCF file could cause the library to
   read from random heap memory that was behind the `strings` buffer,
   leading to an application crash or an information leak.

For Debian 7 "Wheezy", these issues have been fixed in libxfont version
1:1.4.5-5+deb7u1.

We recommend that you upgrade your libxfont packages.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
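
The '?' handling described for CVE-2017-13720, shown as an added example that is not libxfont's code and not part of the original advisory: a simplified glob matcher in which the unchecked mode lets '?' consume the terminating '\0' and the checked mode refuses to. The names glob_match, match_unchecked and match_checked are hypothetical, and the unchecked mode reports OVERRUN at the point where the cursor would leave the string instead of performing the invalid read.

```c
#include <stdio.h>
#include <string.h>

enum match_result { NO_MATCH, MATCH, OVERRUN };

/* Simplified glob matcher ('?' = any one character, '*' = any run).
 * Hypothetical helper, not libxfont code. check_nul = 0 models the flaw:
 * '?' skips a character even when the cursor is already on the '\0'.
 * Rather than reading past the string, that case returns OVERRUN.
 * check_nul = 1 is the hardened behaviour: '?' fails at end of string. */
static enum match_result glob_match(const char *pat, const char *str,
                                    size_t len, size_t pos, int check_nul)
{
    for (; *pat != '\0'; pat++) {
        if (*pat == '?') {
            if (pos >= len)   /* cursor is on the terminating '\0' */
                return check_nul ? NO_MATCH : OVERRUN;
            pos++;
        } else if (*pat == '*') {
            /* Try every possible tail, including the empty one. */
            for (size_t i = pos; i <= len; i++) {
                enum match_result r = glob_match(pat + 1, str, len, i, check_nul);
                if (r != NO_MATCH)
                    return r;
            }
            return NO_MATCH;
        } else {
            if (pos >= len || str[pos] != *pat)
                return NO_MATCH;
            pos++;
        }
    }
    return pos == len ? MATCH : NO_MATCH;
}

enum match_result match_unchecked(const char *pat, const char *s)
{ return glob_match(pat, s, strlen(s), 0, 0); }

enum match_result match_checked(const char *pat, const char *s)
{ return glob_match(pat, s, strlen(s), 0, 1); }

int main(void)
{
    /* Constructed inputs: the pattern is longer than the string. */
    printf("unchecked: %d\n", match_unchecked("a?c", "a"));
    printf("checked:   %d\n", match_checked("a?c", "a"));
    return 0;
}
```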