[ANNOUNCE] libXfont 1.4.4

Alan Coopersmith alan.coopersmith at oracle.com
Wed Aug 10 16:06:53 PDT 2011

Hash: SHA1

libXfont provides the core of the legacy X11 font system, handling the
index files (fonts.dir, fonts.alias, fonts.scale), the various font file
formats, and rasterizing them.   It is used by the X servers, the
X Font Server (xfs), and some font utilities (bdftopcf for instance),
but should not be used by normal X11 clients.  X11 clients access fonts
via either the new API's in libXft, or the legacy API's in libX11.

The major change in this release is a fix for:

    LZW decompress: fix for CVE-2011-2895

    Specially crafted LZW stream can crash an application using libXfont
    that is used to open untrusted font files.  With X server, this may
    allow privilege escalation when exploited

More information about this security issue can be found in the advisory at:

Alan Coopersmith (2):
      Sun's copyrights belong to Oracle now
      Fix memory leak in allocation failure path of BitmapOpenScalable()

Gaetan Nadon (4):
      config: HTML file generation: use the installed copy of xorg.css
      config: remove AC_PROG_CC as it overrides AC_PROG_C_C99
      config: comment, minor upgrade, quote and layout configure.ac
      doc: use common makefile for developers documentation

Matthieu Herrb (1):
      libXfont 1.4.4

Paulo Zanoni (1):
      Use docbookx.dtd version 4.3 for all docs

Thomas Hoger (1):
      LZW decompress: fix for CVE-2011-2895

git tag: libXfont-1.4.4

MD5:  f9942bc818d39094d7295b156a729393
SHA1: 189dd7a3756cb80bcf41b779bf05ec3c366e3041
SHA256: a2065f5f66882f7a9cb0eb674e16d284da48e449af443eda272e99832be8239a

MD5:  21312cee1347deaca18453f70c272ab0
SHA1: e5db2aaf6f35a28efdb0ef24e8839a5cd8f7d84d
SHA256: c52a978748d12ba0bbf54e60542e8e2ae5b624821e02b78cd2dc30b2aa9bb804

- -- 
	-Alan Coopersmith-        alan.coopersmith at oracle.com
	 Oracle Solaris Platform Engineering: X Window System

Version: GnuPG v2.0.17 (SunOS)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the xorg-announce mailing list