Back to libx11 PTS page

Accepted libx11 2:1.6.2-3+deb8u2 (source all amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libx11 2:1.6.2-3+deb8u2 (source all amd64) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Wed, 29 Aug 2018 22:21:19 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1fv8pz-0005g6-DY@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Aug 2018 23:24:26 +0200
Source: libx11
Binary: libx11-6 libx11-6-udeb libx11-data libx11-6-dbg libx11-dev libx11-xcb1 libx11-xcb1-dbg libx11-xcb-dev libx11-doc
Architecture: source all amd64
Version: 2:1.6.2-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libx11-6   - X11 client-side library
 libx11-6-dbg - X11 client-side library (debug package)
 libx11-6-udeb - X11 client-side library (udeb)
 libx11-data - X11 client-side library
 libx11-dev - X11 client-side library (development headers)
 libx11-doc - X11 client-side library (development documentation)
 libx11-xcb-dev - Xlib/XCB interface library (development headers)
 libx11-xcb1 - Xlib/XCB interface library
 libx11-xcb1-dbg - Xlib/XCB interface library (debug package)
Changes:
 libx11 (2:1.6.2-3+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
   * CVE-2018-14599:
     The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable
     to an off-by-one override on malicious server responses.
   * CVE-2018-14600:
     The length value is interpreted as signed char on many systems (depending
     on default signedness of char), which can lead to an out of boundary write
     up to 128 bytes in front of the allocated storage, but limited to NUL
     byte(s).
   * CVE-2018-14598:
     If the server sends a reply in which even the first string would overflow
     the transmitted bytes, list[0] (or flist[0]) will be set to NULL and a
     count of 0 is returned. This may trigger a segmentation fault leading to a
     Denial of Service.
Checksums-Sha1:
 d6e042ccc8ebe669d6fd0c1be7d7ece48a6b442e 2688 libx11_1.6.2-3+deb8u2.dsc
 351ae5bad88bb2b54b7f749f6096b518a3b13b29 3119924 libx11_1.6.2.orig.tar.gz
 5aa661618561fbf0a5e82ccf7ba638f3d008613a 75641 libx11_1.6.2-3+deb8u2.diff.gz
 5777c76bec436e60de311bf1fd7ace2f83f1c7b1 126192 libx11-data_1.6.2-3+deb8u2_all.deb
 49b871b575935e17269e1ce5e69cf5bf0857b8be 2716106 libx11-doc_1.6.2-3+deb8u2_all.deb
 4c6d1a31f0fdb9a114f2bf2c5a785829369c8279 729418 libx11-6_1.6.2-3+deb8u2_amd64.deb
 eeaacdf706aa08c567dcd8f9dcde4026a823594b 564632 libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
 97ed54930ab933754a370be586df7244b0f36472 1095934 libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
 c59468e496e2e774a62134566af45a01d62ede86 800332 libx11-dev_1.6.2-3+deb8u2_amd64.deb
 dc47edcd239f8db5268758fa4cf63df7ce8c8682 163132 libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
 a8a8719a76a4e794ee34424e791b2d6658094de6 173898 libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
 9345967462886eb68248cef24d7922487bd40ea0 165062 libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Checksums-Sha256:
 2a1f803b76d186b025d6c66172e2e6865cc5b65c7f03a0cdcece166f7cfdcfa6 2688 libx11_1.6.2-3+deb8u2.dsc
 b93739bcd517723121f508bcaf0c213c1bae9c5eacffdca571ff0d86c30ead3e 3119924 libx11_1.6.2.orig.tar.gz
 04a564142214edc6e3f0817eccb1c6f6263c882731b6c1d1eeddf57de7ed55c2 75641 libx11_1.6.2-3+deb8u2.diff.gz
 8b5c2679ca7ddee702ef58f2d31e7176bc7d08d648089a3b0ac48d51ec8f10e1 126192 libx11-data_1.6.2-3+deb8u2_all.deb
 712ea70ca14c8ede8edfaefe1792fd5c1226d76dd2771558a131f9c1ae17f601 2716106 libx11-doc_1.6.2-3+deb8u2_all.deb
 aac2335619b5a9ebabfd2be2d63d9f6791faf15993dc54abafde1fdf74297174 729418 libx11-6_1.6.2-3+deb8u2_amd64.deb
 07cc82b689f62ff90b621f19f1b5464584d6dad42597bc92d47f365a985fe032 564632 libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
 5d4661f6d4ebea1410527941473559eedaa9ef3befdd6609e2db7616cb02908f 1095934 libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
 8a3189ee53d6bf36558eaf262eb9bece3918df16906cf391eec28a96cbdee200 800332 libx11-dev_1.6.2-3+deb8u2_amd64.deb
 69a0e5b81ecd796ff0d99afc98ef3096a01509ce76bd615e05fb047f5772ecdb 163132 libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
 b4b4787f1852700d4bf40112b6cbe142322c5473944029ac4a2c903de2b951f0 173898 libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
 9e338b847f891604e9c0ec58031e79c06cca9c7c5ad0aedea7393c1291485486 165062 libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Files:
 eea90c39394e2ffb6c301e4457172ec0 2688 x11 optional libx11_1.6.2-3+deb8u2.dsc
 7e17129e1678355d8268883ee31a6edf 3119924 x11 optional libx11_1.6.2.orig.tar.gz
 21e992b6085e880a3f76ff4835c70fef 75641 x11 optional libx11_1.6.2-3+deb8u2.diff.gz
 a9f6bea66eb132d2a72018b690dbc70d 126192 x11 optional libx11-data_1.6.2-3+deb8u2_all.deb
 432d7bb44aa96545dd6409a0fc7420c9 2716106 doc optional libx11-doc_1.6.2-3+deb8u2_all.deb
 f82da797b57cfc830147cafc10b1c408 729418 libs optional libx11-6_1.6.2-3+deb8u2_amd64.deb
 985aef1d3660049d4d0919f195b0b161 564632 debian-installer optional libx11-6-udeb_1.6.2-3+deb8u2_amd64.udeb
 b33646db9c84ae42568d265713a36f4a 1095934 debug extra libx11-6-dbg_1.6.2-3+deb8u2_amd64.deb
 bb5c38d5cc5269053fa606a54fb5cf46 800332 libdevel optional libx11-dev_1.6.2-3+deb8u2_amd64.deb
 15f653f65f18882df30eeb3103a09d38 163132 libs optional libx11-xcb1_1.6.2-3+deb8u2_amd64.deb
 edca03cfa9d07b57f2a82edf0f4ea268 173898 debug extra libx11-xcb1-dbg_1.6.2-3+deb8u2_amd64.deb
 0389e2cc71f13dc90d4881f9c4a839d2 165062 libdevel optional libx11-xcb-dev_1.6.2-3+deb8u2_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluHGJJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkthsP/3vBMGVeQE4rnpQN7rbMB8MF/ceojUBRtG3L
UNRqF0KCu78IAO6mrmz4ZHTybnpmf+8d/vvGHI42xaqZ+9pTrf5M8j2c4qUO0ZEf
DH3QpWz+ZpQ4reEncxCx6KbCHDJhasHL7iDblEboATeEQRBefMqpBzTSpzG6ljtE
6ryzdQH1tLwh76/15cHl2HWGO6Pvk2hpCoCClIeFtAU/GXgqriAWO2SEbnvVGG+a
HY1XoE8XDL7On3rXm1SC1oo+1Xn91XNlZ7H0AmcyPmM2IRuxz/KJMdxZrBgC7BfD
FrWINkyl9Ra4/2PoCsdgWaPz5F36fqF4tfaL1IMxmAcG7Vya8WDCRygD6pM8syFF
rhH7aTrbxAZNTaSU6xe4BjUzNpem+V5PTb8DhYDZK/GqkeEfTznC2oYBIXWIG81q
PGJF9nnot1aiZiv4rSQy2DikFcgPUKRaBAIllgRWJwFYnsMZz+5eEPA6I3f+8BiX
GRjxBNwR8ZcAVS2jNGcGPIK7agahwB/520XrfHkPJ689n2tR7dU005zK3UKSa7Kb
y9matWcwW3BPXuwyKrNqOLXN6H35JaSD64aAVT2Hu2pbTh9TfFRG6sRbyOnyu6Py
1TAR8zRQFVGmcsLRttXEwZC1950Z7kMEgyZVSsYzs3Priz0KWyIzTX8mR8naEnH/
DgQqrXNP
=YHau
-----END PGP SIGNATURE-----