#17 CVE-2013-6462 in libXfont 1.4.6

Milestone: v1.0_(example)
Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2014-03-31
Created: 2014-03-25
Creator: MikeDeP333
Private: No

It appears that the master branch is still using libXfont 1.4.6, which is affected by CVE-2013-6462 (Jan. 7, 2014 - Stack buffer overflow in parsing of BDF font files in libXfont).

This would mean that all released versions of VcXsrv are affected as well.

The fix is included in upstream's libXfont 1.4.7.

http://www.x.org/wiki/Development/Security/

Discussion

  • MikeDeP333
    2014-03-31

    Commit d02e67 by marha fixed this. Its commit message:

    Update following packages:
    libXfont-1.4.7
    xproto-7.0.25