[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2
Thierry Vignaud
thierry.vignaud at gmail.com
Sat Aug 13 19:57:15 CEST 2011
On 13 August 2011 16:01, Mageia Team <buildsystem-daemon at mageia.org> wrote:
> tv <tv> 1.4.4-1.mga2:
> + Revision: 132986
> - new release
For the record, this should be pushed as a security update (CVE-2011-2895):
(Which I cannot do myself:
mgarepo submit --define section=core/updates_testing -t 1
Submitting libxfont at revision 132986
URL: svn+ssh://svn.mageia.org/svn/packages/cauldron/libxfont
error: command failed: ssh pkgsubmit.mageia.org
/usr/local/bin/submit_package -t 1 --define
sid=b20025dc-e76d-4ed7-aab1-60365f8e8427 --define
section=core/updates_testing -r 132986
svn+ssh://svn.mageia.org/svn/packages/cauldron/libxfont
error: svn://svn.mageia.org/svn/packages/cauldron/libxfont is not
allowed for this target
Are we forced to branch?
---------- Forwarded message ----------
From: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: 11 August 2011 01:06
Subject: [ANNOUNCE] libXfont 1.4.4
To: xorg-announce at lists.freedesktop.org
Cc: xorg at lists.freedesktop.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them. It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients. X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.
The major change in this release is a fix for:
LZW decompress: fix for CVE-2011-2895
Specially crafted LZW stream can crash an application using libXfont
that is used to open untrusted font files. With X server, this may
allow privilege escalation when exploited
More information about this security issue can be found in the advisory at:
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
Alan Coopersmith (2):
Sun's copyrights belong to Oracle now
Fix memory leak in allocation failure path of BitmapOpenScalable()
Gaetan Nadon (4):
config: HTML file generation: use the installed copy of xorg.css
config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
config: comment, minor upgrade, quote and layout configure.ac
doc: use common makefile for developers documentation
Matthieu Herrb (1):
libXfont 1.4.4
Paulo Zanoni (1):
Use docbookx.dtd version 4.3 for all docs
Thomas Hoger (1):
LZW decompress: fix for CVE-2011-2895
git tag: libXfont-1.4.4
http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.bz2
MD5: f9942bc818d39094d7295b156a729393
SHA1: 189dd7a3756cb80bcf41b779bf05ec3c366e3041
SHA256: a2065f5f66882f7a9cb0eb674e16d284da48e449af443eda272e99832be8239a
http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.gz
MD5: 21312cee1347deaca18453f70c272ab0
SHA1: e5db2aaf6f35a28efdb0ef24e8839a5cd8f7d84d
SHA256: c52a978748d12ba0bbf54e60542e8e2ae5b624821e02b78cd2dc30b2aa9bb804
- --
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (SunOS)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5DDw0ACgkQovueCB8tEw6HwQCaA46BZnpP5Uvt9qkmmdE/u5o6
SsMAn1DK3Y8nIeu0fqL5WsgRL9oztlcs
=BD1h
-----END PGP SIGNATURE-----
_______________________________________________
xorg-announce mailing list
xorg-announce at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/xorg-announce
More information about the Mageia-dev
mailing list