> libxfont (1:1.4.7-1) unstable; urgency=high
> * New upstream release
> + CVE-2013-6462: unlimited sscanf overflows stack buffer in
> bdfReadCharacters()
> * Don't put dbg symbols from the udeb in the dbg package.
> * dev package is no longer Multi-Arch: same (closes: #720026).
> * Disable support for connecting to a font server. That code is horrible and
> full of holes.

And here is the [changelog] time, down to the second, with the time zone!
+libxfont (1:1.4.7-1) unstable;
+ -- Julien Cristau <jcristau@debian.org> Tue, 07 Jan 2014 17:51:29 +0100
20:51:29 MSK
---- Those who want to compete can take a look here:
https://security-tracker.debian.org/tracker/CVE-2013-6462
Competing in the race are the squeeze (= oldstable, security) and wheezy (= stable, security) versions from December 26.
+libxfont (1:1.4.1-4) squeeze-security; urgency=high
+ * unlimited sscanf can overflow stack buffer in bdfReadCharacters()
+ -- Julien Cristau <jcristau@debian.org> Thu, 26 Dec 2013 21:36:57 +0100
+libxfont (1:1.4.5-3) wheezy-security; urgency=high
+ * unlimited sscanf can overflow stack buffer in bdfReadCharacters()
+ -- Julien Cristau <jcristau@debian.org> Thu, 26 Dec 2013 21:54:48 +0100
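Review bot: the bullet in the wheezy-security entry ("unlimited sscanf can overflow stack buffer in bdfReadCharacters()") names the bug but not its CVE id, and the squeeze-security entry above reads the same. Prefixing it with "CVE-2013-6462:", as the 1:1.4.7-1 unstable entry does, would let both uploads be matched to the tracker page by id rather than by description.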
author Alan Coopersmith <alan.coopersmith@oracle.com> 2013-12-24 02:34:02 (GMT)
committer Alan Coopersmith <alan.coopersmith@oracle.com> 2013-12-31 02:09:45 (GMT)
The Debian patch refers all the way back to September 17
+From b07483b605e77ea475b97d5dc829a7d5eb10a5d6 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Mon, 23 Dec 2013 18:34:02 -0800