Accepted libxpm 1:3.5.12-1.1+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted libxpm 1:3.5.12-1.1+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 07 Oct 2023 18:32:09 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libxpm_3.5.12-1.1+deb12u1_source.changes
- Debian-source: libxpm
- Debian-suite: proposed-updates
- Debian-version: 1:3.5.12-1.1+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Qi6kutp+jdpGtrXZHNPu69MU/GLUwGf0A9sv9io6VPg=; b=Wn3STeZXp4TYqXx5l3CEUi60nA yweIgyMpnTNNnimYSW4Yc9yO8SuidM+OA8gQmWbhux2X3dS2PR+zqPJM/GJVM2QV0Y9BYP6UswSuu dkqiBlx4sabHcQRelc8JiNZ7K7nhmjyRidDOiglbfMavRFruL5IL26wI/ls0UBKdGQjHcp49LiTaQ PG74Zv/l096Kyw+gTyQ7gByJNw9XDlMRY9kTqH21eplbUGoc2MvWgCagL5tMXyhj3A+BpOUOPbAbp 2t45QCwPhH0InY5ZtVfrB65A1WmpAjhTTfEfzecPb0kNOSaBAonny/GaQs6QQ+mI27BcK3IZAfKTA Lw1HRErg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qpC5x-00Ctae-Ou@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Oct 2023 11:59:05 +0200
Source: libxpm
Architecture: source
Version: 1:3.5.12-1.1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Changes:
libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high
.
* CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer()
* CVE-2023-43789: out of bounds read on XPM with corrupted colormap
* Avoid CVE-2023-43786: stack exhaustion in XPutImage()
* Avoid CVE-2023-43787 (integer overflow in XCreateImage)
Checksums-Sha1:
0b3a62c31960ea86b06c6a56e2c2959d02a48c2c 2133 libxpm_3.5.12-1.1+deb12u1.dsc
c837dfca61080a40031a3d9a83ea284acb619ab7 529302 libxpm_3.5.12.orig.tar.gz
d8eb5bfcb0708b31f43cc5af1deb1e4f43438959 22630 libxpm_3.5.12-1.1+deb12u1.diff.gz
Checksums-Sha256:
a7e5148f8f701fb719f1942ce2586f67d2e8a80aa8f543c3a7a943680476b5fd 2133 libxpm_3.5.12-1.1+deb12u1.dsc
2523acc780eac01db5163267b36f5b94374bfb0de26fc0b5a7bee76649fd8501 529302 libxpm_3.5.12.orig.tar.gz
4ff8a893db351f9a3ab9528bba3f697ca987c567217c35186d10e9d8363dcfc4 22630 libxpm_3.5.12-1.1+deb12u1.diff.gz
Files:
586a341c030f545b963cc28bd1f747b0 2133 x11 optional libxpm_3.5.12-1.1+deb12u1.dsc
b286c884b11b5a0b4371175c5327141f 529302 x11 optional libxpm_3.5.12.orig.tar.gz
ba4fc857da6a5c0681ce63cdcb49c440 22630 x11 optional libxpm_3.5.12-1.1+deb12u1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmUb5ngUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z61qyA//SBIx97OWcKSx7vRWc4twwAd1ovpy
B+q+Op5Q+9eBfUHGXcw5ZDUghwKnbUYZv0+ZG3w617TGNAd6bx9u6NHgeY1/UwEz
r070O4J1EW06a2DUXsB6hPzP6dffJUZdw9QQ9zQxDyr2bwUeFku+avQROVJQVzYc
sEKn/5KkLyj5Pjp14yRdf7xjmDlJD/5t2G2gaBJcn6XhH6Zo9PH/s/hpY832T7a8
toGLvBc9f8/V2MiSqoTACJ7NPjXQWSxXV4QJj2h9vfAYs7pdaZTdHsuqQeeM9slh
81OgwRDA/g60IUIgMm71A/j5+f+EJd3Fioe3wcUhantYSxxFBmwAAJdzC82Wmwi6
7/QhmHngguZHzTRB5YH3LneITjYEuunM16Y54P+yaQw69lOZkjHnaMgiCvflGZVQ
wEfgiUeG2IWxcVvg4gC/64onDLgb6xlLx9U41NYwrwRaLYetpwTcioq54qZWt+Hx
77w80WyCt1Uh6bhXjq2LAcA4svn2/pqCWdbvavVhRZ28D7lBrzAJalpshRMXWlP+
ozbbtUDPo7a7J+px/KztCTjmcKpAOqszI+xpDnbHW2iUG6QlmvLVDZEccEEc02xf
7FMsowj1PXdxEUtfF4cqBbYlp4mZ7JXmEmux/P5ZgyAVBZh5MWwuUifj0avq0glS
zXhtF9ZvYsEwz5o=
=IOYp
-----END PGP SIGNATURE-----