Package: libxfont1 Version: 1:1.0.0-4 Severity: grave Tags: security patch Justification: user security hole
>From http://secunia.com/advisories/20100/: A vulnerability has been reported in libXfont, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to integer overflows within the PCF font file parser. This can potentially be exploited to cause a heap-based buffer overflow via a specially crafted font file. See https://bugs.freedesktop.org/show_bug.cgi?id=7535 Patch is at http://bugs.freedesktop.org/attachment.cgi?id=6231 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
