Contributed by phessler on from the accidentally-weaponized-comic-sans dept.
Check out the build details after the break.X Font Service Protocol & Font metadata file handling issues in libXfont CVE-2014-0209: integer overflow of allocations in font metadata file parsing CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies CVE-2014-0211: integer overflows calculating memory needs for xfs replies Please see the advisory for more information. http://lists.x.org/archives/xorg-announce/2014-May/002431.html
untrusted comment: signature from openbsd 5.5 base secret key RWRGy8gxk9N93+eLgi55eB+q+iJdk3vT7fqMhrHUN7dUsETsdek0CEyTtx7kXq9vjF5sYa/lCtsUIEgykH7yxDmuIuNUmE3wegc= OpenBSD 5.5 errata 6, May 24, 2014: X Font Service Protocol & Font metadata file handling issues in libXfont This is revision 2 of the patch (the first version forgot to use signify). Apply patch using: signify -Vep /etc/signify/openbsd-55-base.pub -x 006_libXfont.patch.sig \ -m - | (cd /usr/xenocara && patch -p0) Then build and install libXfont cd /usr/xenocara/lib/libXfont make -f Makefile.bsd-wrapper obj make -f Makefile.bsd-wrapper build
(Comments are closed)