Back to libxpm PTS page

Accepted libxpm 1:3.5.12-1+deb10u1 (source) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libxpm 1:3.5.12-1+deb10u1 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 19 Jun 2023 22:50:27 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: libxpm_3.5.12-1+deb10u1_source.changes
Debian-source: libxpm
Debian-suite: oldoldstable
Debian-version: 1:3.5.12-1+deb10u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=UO9yew+QquN3JSU9iEp+JxKvwEzgvNcaTWIhILvLxwI=; b=O8j78wGFt1Ilp9uRphZOcYe/42 QTanTCH0DpVQwAhzeWw4rPhnAnz5kAJLY+JYMaiSQuDx/tPcx7zN1tH5Em4drg3e9p7M7HRUbNTIX jPTb5Yd3z52XurrAk9NFHKuZdPzTz/szEG2vjKyGTwTccqtbyQBamntHzV6HRTDGtRdRLE2o5mqzg gujlCKvd2avF2OnyQK/PySXFOZTx7cr8g8Nz5kgOqEKsMeDrJhanrAOdqZVm/ohOGQZKU1VLc5XZE deYs6oxBKOlg/nLxGPfd+xbhbloK4sNx4G+nvDQzWEbj98LJGdh16+UDPuhnav5Rg95TNmDVnpVZZ SMJt6+yg==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1qBNhb-007wW7-Lu@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 20:27:53 +0000
Source: libxpm
Architecture: source
Version: 1:3.5.12-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Bastien Roucaries <rouca@debian.org>
Changes:
 libxpm (1:3.5.12-1+deb10u1) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Switch to dpkg-source 3.0 (quilt) format
   * Fix CVE-2022-4883: When processing files with
     .Z or .gz extensions, the library calls external programs
     to compress and uncompress files, relying on the
     PATH environment variable to find these programs,
     which could allow a malicious user to execute other programs
     by manipulating the PATH environment variable.
   * Fix CVE-2022-44617: When processing a file with width of 0
     and a very large height, some parser functions will be
     called repeatedly and can lead to an infinite loop,
     resulting in a Denial of Service in the application linked
     to the library.
   * Fix CVE-2022-46285: when parsing a file with a comment
     not closed an end-of-file condition will not be detected,
     leading to an infinite loop and resulting in a
     Denial of Service in the application linked to the library.
Checksums-Sha1:
 2f2ff124f2e28ae9593489060ec13136dace216f 2147 libxpm_3.5.12-1+deb10u1.dsc
 c837dfca61080a40031a3d9a83ea284acb619ab7 529302 libxpm_3.5.12.orig.tar.gz
 439209b8bcb035bea7c41d87d7a734668176360b 14652 libxpm_3.5.12-1+deb10u1.debian.tar.xz
 467a6c34e893ade9873c19485ac2a7bf27127af0 7552 libxpm_3.5.12-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 1680c3d9450181a0972dae12382d905964886122b355b0d97a8391d7fbe5e7de 2147 libxpm_3.5.12-1+deb10u1.dsc
 2523acc780eac01db5163267b36f5b94374bfb0de26fc0b5a7bee76649fd8501 529302 libxpm_3.5.12.orig.tar.gz
 b6e7d84a9db00a9c8832a22c113eabaa717263ee62bc7fe4c15ff12521a351fd 14652 libxpm_3.5.12-1+deb10u1.debian.tar.xz
 d7fc0b9a176fb49f0df7f26de62a1c5a2954722bedbcd5c3b904977176eb075b 7552 libxpm_3.5.12-1+deb10u1_amd64.buildinfo
Files:
 80af1320e15a459f5bc528929b6dbb7f 2147 x11 optional libxpm_3.5.12-1+deb10u1.dsc
 b286c884b11b5a0b4371175c5327141f 529302 x11 optional libxpm_3.5.12.orig.tar.gz
 700d9b51c80576ee58fce3ff75de16bc 14652 x11 optional libxpm_3.5.12-1+deb10u1.debian.tar.xz
 f63f9dca7e838487b6bf0fc31ef5b25f 7552 x11 optional libxpm_3.5.12-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSQ178RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9PPBAAn5qnWpEJBF4FICcrvJZhlpEVHZ+/Slyt
NTHjd2a9hT7lMuC8iLvH5elroLkpRAzp55oqHQHG/A+80M7DR0q4HPlmDTPaStWV
W0x4LFtz051m29/ywuY1kI/HF0sVjk7SaFbUemqnDdwxye3DD9jVJJpNt7shTw7i
nqYZTlbNv9QPSYnN1D1NDZDbSRK0Ifj6i9uYnfj/hMMZQ1kCsCfIRKzKzWFlWKAZ
l8z3H6Y6t9nDsnwUIk3gdjlKMFAm5PwuirUJWpiG0wzPwnkZT6GF8B5GIpnlbmxz
rLRSvamT12M4C56Xl9GoRtDGZt0oh+XrmVJENa9T+Wa1Ou3IuHk2MOatdOnBHBAf
vdfsX4znfaNPxVVGkMg+jsBYwusIP6+untyvqwWVHRGdXx4Tk0EczGEPELCLw+Ue
OQRZcY0gyAz6qZPxuBsXLa2hHwweXRAEkZjtq9i1mqVGr8zskr/W4tvn5gkOepuV
fkoxSbr27sf9kE9wOphZY/N0/iYNmnwqaGseGuXyhut7fPy5b2qZGT/+ttmeHRw8
aihN/3znwnql4Ae4RbwwbJ+Ieghg2/SXv/TvQ/yyV11JRvr86zZ6d6xpvf3iEU+L
CON1ApypVW5ggazWh7+PN6WHy+fmWYXW9plcXrouZCuhaDtKj1ZQNDFnrpwIalH4
N2B2XW42ebw=
=uEcY
-----END PGP SIGNATURE-----