diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2011-August/007332.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-August/007332.html | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-August/007332.html b/zarb-ml/mageia-dev/2011-August/007332.html new file mode 100644 index 000000000..8c4558a14 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-August/007332.html @@ -0,0 +1,169 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2 + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRPM%5D%20cauldron%20core/release%20libxfont-1.4.4-1.mga2&In-Reply-To=%3CCAONrEtajeyfyxq9d2pk1mmO1VqyqRRGoeMNtK90pArhNh0N7Zg%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="007331.html"> + <LINK REL="Next" HREF="007333.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2</H1> + <B>Thierry Vignaud</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRPM%5D%20cauldron%20core/release%20libxfont-1.4.4-1.mga2&In-Reply-To=%3CCAONrEtajeyfyxq9d2pk1mmO1VqyqRRGoeMNtK90pArhNh0N7Zg%40mail.gmail.com%3E" + TITLE="[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2">thierry.vignaud at gmail.com + </A><BR> + <I>Sat Aug 13 19:57:15 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="007331.html">[Mageia-dev] [RPM] cauldron core/release smokekde-4.7.0-2.mga2 +</A></li> + <LI>Next message: <A HREF="007333.html">[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7332">[ date ]</a> + <a href="thread.html#7332">[ thread ]</a> + <a href="subject.html#7332">[ subject ]</a> + <a href="author.html#7332">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On 13 August 2011 16:01, Mageia Team <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">buildsystem-daemon at mageia.org</A>> wrote: +><i> tv <tv> 1.4.4-1.mga2: +</I>><i> + Revision: 132986 +</I>><i> - new release +</I> +For the record, this should be pushed as a security update (CVE-2011-2895): + +(Which I cannot do myself: + +mgarepo submit --define section=core/updates_testing -t 1 +Submitting libxfont at revision 132986 +URL: svn+<A HREF="ssh://svn.mageia.org/svn/packages/cauldron/libxfont">ssh://svn.mageia.org/svn/packages/cauldron/libxfont</A> +error: command failed: ssh pkgsubmit.mageia.org +/usr/local/bin/submit_package -t 1 --define +sid=b20025dc-e76d-4ed7-aab1-60365f8e8427 --define +section=core/updates_testing -r 132986 +svn+<A HREF="ssh://svn.mageia.org/svn/packages/cauldron/libxfont">ssh://svn.mageia.org/svn/packages/cauldron/libxfont</A> +error: <A HREF="svn://svn.mageia.org/svn/packages/cauldron/libxfont">svn://svn.mageia.org/svn/packages/cauldron/libxfont</A> is not +allowed for this target + +Are we forced to branch? + +---------- Forwarded message ---------- +From: Alan Coopersmith <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">alan.coopersmith at oracle.com</A>> +Date: 11 August 2011 01:06 +Subject: [ANNOUNCE] libXfont 1.4.4 +To: <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">xorg-announce at lists.freedesktop.org</A> +Cc: <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">xorg at lists.freedesktop.org</A> + + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +libXfont provides the core of the legacy X11 font system, handling the +index files (fonts.dir, fonts.alias, fonts.scale), the various font file +formats, and rasterizing them. It is used by the X servers, the +X Font Server (xfs), and some font utilities (bdftopcf for instance), +but should not be used by normal X11 clients. X11 clients access fonts +via either the new API's in libXft, or the legacy API's in libX11. + +The major change in this release is a fix for: + + LZW decompress: fix for CVE-2011-2895 + + Specially crafted LZW stream can crash an application using libXfont + that is used to open untrusted font files. With X server, this may + allow privilege escalation when exploited + +More information about this security issue can be found in the advisory at: +<A HREF="http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html">http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html</A> + + +Alan Coopersmith (2): + Sun's copyrights belong to Oracle now + Fix memory leak in allocation failure path of BitmapOpenScalable() + +Gaetan Nadon (4): + config: HTML file generation: use the installed copy of xorg.css + config: remove AC_PROG_CC as it overrides AC_PROG_C_C99 + config: comment, minor upgrade, quote and layout configure.ac + doc: use common makefile for developers documentation + +Matthieu Herrb (1): + libXfont 1.4.4 + +Paulo Zanoni (1): + Use docbookx.dtd version 4.3 for all docs + +Thomas Hoger (1): + LZW decompress: fix for CVE-2011-2895 + +git tag: libXfont-1.4.4 + +<A HREF="http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.bz2">http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.bz2</A> +MD5: f9942bc818d39094d7295b156a729393 +SHA1: 189dd7a3756cb80bcf41b779bf05ec3c366e3041 +SHA256: a2065f5f66882f7a9cb0eb674e16d284da48e449af443eda272e99832be8239a + +<A HREF="http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.gz">http://xorg.freedesktop.org/archive/individual/lib/libXfont-1.4.4.tar.gz</A> +MD5: 21312cee1347deaca18453f70c272ab0 +SHA1: e5db2aaf6f35a28efdb0ef24e8839a5cd8f7d84d +SHA256: c52a978748d12ba0bbf54e60542e8e2ae5b624821e02b78cd2dc30b2aa9bb804 + + +- -- + -Alan Coopersmith- <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">alan.coopersmith at oracle.com</A> + Oracle Solaris Platform Engineering: X Window System + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.17 (SunOS) +Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A> + +iEYEARECAAYFAk5DDw0ACgkQovueCB8tEw6HwQCaA46BZnpP5Uvt9qkmmdE/u5o6 +SsMAn1DK3Y8nIeu0fqL5WsgRL9oztlcs +=BD1h +-----END PGP SIGNATURE----- +_______________________________________________ +xorg-announce mailing list +<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">xorg-announce at lists.freedesktop.org</A> +<A HREF="http://lists.freedesktop.org/mailman/listinfo/xorg-announce">http://lists.freedesktop.org/mailman/listinfo/xorg-announce</A> +</PRE> + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="007331.html">[Mageia-dev] [RPM] cauldron core/release smokekde-4.7.0-2.mga2 +</A></li> + <LI>Next message: <A HREF="007333.html">[Mageia-dev] [RPM] cauldron core/release libxfont-1.4.4-1.mga2 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#7332">[ date ]</a> + <a href="thread.html#7332">[ thread ]</a> + <a href="subject.html#7332">[ subject ]</a> + <a href="author.html#7332">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |