CVE-2013-6462 in libXfont 1.4.6

Brought to you by: marha

#17 CVE-2013-6462 in libXfont 1.4.6

Milestone: v1.0_(example)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2014-03-31

Created: 2014-03-25

Creator: MikeDeP333

Private: No

It appears that the master branch is still using libXfont 1.4.6, which is affected by CVE-2013-6462 (Jan. 7, 2014 - Stack buffer overflow in parsing of BDF font files in libXfont).

This would mean that all released versions of VcXsrv are affected as well.

The fix is included in upstream's libXfont 1.4.7.

http://www.x.org/wiki/Development/Security/

Discussion

MikeDeP333 - 2014-03-31

Commit d02e67 by marha fixed this. Its commit message:

Update following packages:
libXfont-1.4.7
xproto-7.0.25

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2013-6462 in libXfont 1.4.6

Group

Searches

Help

#17 CVE-2013-6462 in libXfont 1.4.6

Discussion