Branches for Precise

Name Status Last Modified Last Commit
lp://staging/ubuntu/precise/libxfont 2 Mature 2011-10-13 19:32:32 UTC
28. [ Julien Cristau ] * Drop Pre-Depends...

Author: Cyril Brulebois
Revision Date: 2011-08-11 11:11:28 UTC

[ Julien Cristau ]
* Drop Pre-Depends on x11-common (only needed for upgrades from the
  monolith) and Replaces on xlibs-static-dev (hasn't existed in forever).

[ Cyril Brulebois ]
* New upstream release:
  - LZW decompress: fix for CVE-2011-2895. From the commit message:
    “Specially crafted LZW stream can crash an application using libXfont
     that is used to open untrusted font files. With X server, this may
     allow privilege escalation when exploited.”
* Set urgency to “high” accordingly.
* Update debian/copyright from upstream COPYING.
* Bump xorg-sgml-doctools build-dep.
* Drop xorg.css from .install, no longer shipped upstream.

lp://staging/ubuntu/precise-security/libxfont 2 Mature 2015-03-18 07:33:04 UTC
31. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code execution via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804

lp://staging/ubuntu/precise-updates/libxfont 2 Mature 2015-03-18 07:33:04 UTC
31. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2015-03-18 07:33:04 UTC

* SECURITY UPDATE: arbitrary code execution via invalid property count
  - debian/patches/CVE-2015-1802.patch: check for integer overflow in
    src/bitmap/bdfread.c.
  - CVE-2015-1802
* SECURITY UPDATE: arbitrary code execution via bitmap data parse failure
  - debian/patches/CVE-2015-1803.patch: bail out if bitmap can't be read
    in src/bitmap/bdfread.c.
  - CVE-2015-1803
* SECURITY UPDATE: arbitrary code execution via invalid metrics
  - debian/patches/CVE-2015-1804.patch: ensure metrics fit in struct in
    src/bitmap/bdfread.c.
  - CVE-2015-1804
