Accepted libx11 2:1.6.2-3+deb8u2 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Aug 2018 23:24:26 +0200
Source: libx11
Binary: libx11-6 libx11-6-udeb libx11-data libx11-6-dbg libx11-dev libx11-xcb1 libx11-xcb1-dbg libx11-xcb-dev libx11-doc
Architecture: source all amd64
Version: 2:1.6.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libx11-6 - X11 client-side library
libx11-6-dbg - X11 client-side library (debug package)
libx11-6-udeb - X11 client-side library (udeb)
libx11-data - X11 client-side library
libx11-dev - X11 client-side library (development headers)
libx11-doc - X11 client-side library (development documentation)
libx11-xcb-dev - Xlib/XCB interface library (development headers)
libx11-xcb1 - Xlib/XCB interface library
libx11-xcb1-dbg - Xlib/XCB interface library (debug package)
Changes:
libx11 (2:1.6.2-3+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
* CVE-2018-14599:
The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable
to an off-by-one override on malicious server responses.
* CVE-2018-14600:
The length value is interpreted as signed char on many systems (depending
on default signedness of char), which can lead to an out of boundary write
up to 128 bytes in front of the allocated storage, but limited to NUL
byte(s).
* CVE-2018-14598:
If the server sends a reply in which even the first string would overflow
the transmitted bytes, list[0] (or flist[0]) will be set to NULL and a
count of 0 is returned. This may trigger a segmentation fault leading to a
Denial of Service.
Checksums-Sha1:
d6e042ccc8ebe669d6fd0c1be7d7ece48a6b442e 2688 libx11_1.6.2-3+deb8u2.dsc
351ae5bad88bb2b54b7f749f6096b518a3b13b29 3119924 libx11_1.6.2.orig.tar.gz
5aa661618561fbf0a5e82ccf7ba638f3d008613a 75641 libx11_1.6.2-3+deb8u2.diff.gz
5777c76bec436e60de311bf1fd7ace2f83f1c7b1 126192 libx11-data_1.6.2-3+deb8u2_all.deb
49b871b575935e17269e1ce5e69cf5bf0857b8be 2716106 libx11-doc_1.6.2-3+deb8u2_all.deb
4c6d1a31f0fdb9a114f2bf2c5a785829369c8279 729418 libx11-6_1.6.2-3+deb8u2_amd64.deb
eeaacdf706aa08c567dcd8f9dcde4026a823594b 564632 libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
97ed54930ab933754a370be586df7244b0f36472 1095934 libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
c59468e496e2e774a62134566af45a01d62ede86 800332 libx11-dev_1.6.2-3+deb8u2_amd64.deb
dc47edcd239f8db5268758fa4cf63df7ce8c8682 163132 libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
a8a8719a76a4e794ee34424e791b2d6658094de6 173898 libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
9345967462886eb68248cef24d7922487bd40ea0 165062 libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Checksums-Sha256:
2a1f803b76d186b025d6c66172e2e6865cc5b65c7f03a0cdcece166f7cfdcfa6 2688 libx11_1.6.2-3+deb8u2.dsc
b93739bcd517723121f508bcaf0c213c1bae9c5eacffdca571ff0d86c30ead3e 3119924 libx11_1.6.2.orig.tar.gz
04a564142214edc6e3f0817eccb1c6f6263c882731b6c1d1eeddf57de7ed55c2 75641 libx11_1.6.2-3+deb8u2.diff.gz
8b5c2679ca7ddee702ef58f2d31e7176bc7d08d648089a3b0ac48d51ec8f10e1 126192 libx11-data_1.6.2-3+deb8u2_all.deb
712ea70ca14c8ede8edfaefe1792fd5c1226d76dd2771558a131f9c1ae17f601 2716106 libx11-doc_1.6.2-3+deb8u2_all.deb
aac2335619b5a9ebabfd2be2d63d9f6791faf15993dc54abafde1fdf74297174 729418 libx11-6_1.6.2-3+deb8u2_amd64.deb
07cc82b689f62ff90b621f19f1b5464584d6dad42597bc92d47f365a985fe032 564632 libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
5d4661f6d4ebea1410527941473559eedaa9ef3befdd6609e2db7616cb02908f 1095934 libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
8a3189ee53d6bf36558eaf262eb9bece3918df16906cf391eec28a96cbdee200 800332 libx11-dev_1.6.2-3+deb8u2_amd64.deb
69a0e5b81ecd796ff0d99afc98ef3096a01509ce76bd615e05fb047f5772ecdb 163132 libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
b4b4787f1852700d4bf40112b6cbe142322c5473944029ac4a2c903de2b951f0 173898 libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
9e338b847f891604e9c0ec58031e79c06cca9c7c5ad0aedea7393c1291485486 165062 libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Files:
eea90c39394e2ffb6c301e4457172ec0 2688 x11 optional libx11_1.6.2-3+deb8u2.dsc
7e17129e1678355d8268883ee31a6edf 3119924 x11 optional libx11_1.6.2.orig.tar.gz
21e992b6085e880a3f76ff4835c70fef 75641 x11 optional libx11_1.6.2-3+deb8u2.diff.gz
a9f6bea66eb132d2a72018b690dbc70d 126192 x11 optional libx11-data_1.6.2-3+deb8u2_all.deb
432d7bb44aa96545dd6409a0fc7420c9 2716106 doc optional libx11-doc_1.6.2-3+deb8u2_all.deb
f82da797b57cfc830147cafc10b1c408 729418 libs optional libx11-6_1.6.2-3+deb8u2_amd64.deb
985aef1d3660049d4d0919f195b0b161 564632 debian-installer optional libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
b33646db9c84ae42568d265713a36f4a 1095934 debug extra libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
bb5c38d5cc5269053fa606a54fb5cf46 800332 libdevel optional libx11-dev_1.6.2-3+deb8u2_amd64.deb
15f653f65f18882df30eeb3103a09d38 163132 libs optional libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
edca03cfa9d07b57f2a82edf0f4ea268 173898 debug extra libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
0389e2cc71f13dc90d4881f9c4a839d2 165062 libdevel optional libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluHGJJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkthsP/3vBMGVeQE4rnpQN7rbMB8MF/ceojUBRtG3L
UNRqF0KCu78IAO6mrmz4ZHTybnpmf+8d/vvGHI42xaqZ+9pTrf5M8j2c4qUO0ZEf
DH3QpWz+ZpQ4reEncxCx6KbCHDJhasHL7iDblEboATeEQRBefMqpBzTSpzG6ljtE
6ryzdQH1tLwh76/15cHl2HWGO6Pvk2hpCoCClIeFtAU/GXgqriAWO2SEbnvVGG+a
HY1XoE8XDL7On3rXm1SC1oo+1Xn91XNlZ7H0AmcyPmM2IRuxz/KJMdxZrBgC7BfD
FrWINkyl9Ra4/2PoCsdgWaPz5F36fqF4tfaL1IMxmAcG7Vya8WDCRygD6pM8syFF
rhH7aTrbxAZNTaSU6xe4BjUzNpem+V5PTb8DhYDZK/GqkeEfTznC2oYBIXWIG81q
PGJF9nnot1aiZiv4rSQy2DikFcgPUKRaBAIllgRWJwFYnsMZz+5eEPA6I3f+8BiX
GRjxBNwR8ZcAVS2jNGcGPIK7agahwB/520XrfHkPJ689n2tR7dU005zK3UKSa7Kb
y9matWcwW3BPXuwyKrNqOLXN6H35JaSD64aAVT2Hu2pbTh9TfFRG6sRbyOnyu6Py
1TAR8zRQFVGmcsLRttXEwZC1950Z7kMEgyZVSsYzs3Priz0KWyIzTX8mR8naEnH/
DgQqrXNP
=YHau
-----END PGP SIGNATURE-----