[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2

Thierry Vignaud thierry.vignaud at gmail.com
Sat Aug 13 19:57:15 CEST 2011

On 13 August 2011 16:01, Mageia Team <buildsystem-daemon at mageia.org> wrote:
> tv <tv> 1.4.4-1.mga2:
> + Revision: 132986
> - new release

For the record, this should be pushed as a security update (CVE-2011-2895):

Which I cannot do myself:

mgarepo submit  --define section=core/updates_testing -t 1
Submitting libxfont at revision 132986
URL: svn+ssh://svn.mageia.org/svn/packages/cauldron/libxfont
error: command failed: ssh pkgsubmit.mageia.org /usr/local/bin/submit_package -t 1 --define sid=b20025dc-e76d-4ed7-aab1-60365f8e8427 --define section=core/updates_testing -r 132986
error: svn://svn.mageia.org/svn/packages/cauldron/libxfont is not allowed for this target

Are we forced to branch?

---------- Forwarded message ----------
From: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: 11 August 2011 01:06
Subject: [ANNOUNCE] libXfont 1.4.4
To: xorg-announce at lists.freedesktop.org
Cc: xorg at lists.freedesktop.org

libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them.   It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients.  X11 clients access fonts
via either the new APIs in libXft, or the legacy APIs in libX11.

The major change in this release is a fix for:

   LZW decompress: fix for CVE-2011-2895

   Specially crafted LZW stream can crash an application using libXfont
   that is used to open untrusted font files.  With X server, this may
   allow privilege escalation when exploited.

More information about this security issue can be found in the advisory at:

Alan Coopersmith (2):
     Sun's copyrights belong to Oracle now
     Fix memory leak in allocation failure path of BitmapOpenScalable()

Gaetan Nadon (4):
     config: HTML file generation: use the installed copy of xorg.css
     config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
     config: comment, minor upgrade, quote and layout configure.ac
     doc: use common makefile for developers documentation

Matthieu Herrb (1):
     libXfont 1.4.4

Paulo Zanoni (1):
     Use docbookx.dtd version 4.3 for all docs

Thomas Hoger (1):
     LZW decompress: fix for CVE-2011-2895

git tag: libXfont-1.4.4

--
       -Alan Coopersmith-        alan.coopersmith at oracle.com
        Oracle Solaris Platform Engineering: X Window System
