Accepted xfs 1:1.0.1-7 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 02 Oct 2007 20:21:48 +0200
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.1-7
Distribution: stable-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
xfs - X font server
Changes:
 xfs (1:1.0.1-7) stable-security; urgency=high
 .
   * Security upload.
   * Fix several vulnerabilities (CVE-2007-4568):
     The QueryXBitmaps and QueryXExtents protocol requests suffer
     from lack of validation of their 'length' parameters. Maliciously
     crafted requests can cause two different problems with both
     requests:
     + An integer overflow in the computation of the size of a dynamic
       buffer can lead to a heap overflow in the build_range() function.
     + An arbitrary number of bytes on the heap can be swapped by the
       swap_char2b() function.
   * See upstream security advisory:
     http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
Files:
6090b1b5d0c40f41cf8466d4be26c86c 794 x11 optional xfs_1.0.1-7.dsc
47090deff75f0478f865e79b88e22ce6 29837 x11 optional xfs_1.0.1-7.diff.gz
3d4296688c5a823219dc42f8de0a2675 57298 x11 optional xfs_1.0.1-7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHBev3mEvTgKxfcAwRAix3AKCo8BvlazYgW7J8pVXeOZ23zl2DnwCff9cg
BFR+FBEOp1RQpVDZQApvhls=
=9fxF
-----END PGP SIGNATURE-----
Accepted:
xfs_1.0.1-7.diff.gz
to pool/main/x/xfs/xfs_1.0.1-7.diff.gz
xfs_1.0.1-7.dsc
to pool/main/x/xfs/xfs_1.0.1-7.dsc
xfs_1.0.1-7_i386.deb
to pool/main/x/xfs/xfs_1.0.1-7_i386.deb
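
Added example, not part of the upload notice and not the xfs source: the two checks the changelog entry calls for, written in C. A client-supplied count is validated against the bytes actually received before it sizes a heap buffer and before it bounds an in-place byte swap. The names checked_payload_size, swap_chars_checked, copy_ranges_checked and char2b_t, and the layout of a range as two 2-byte characters, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 2-byte character, standing in for the protocol's char2b. */
typedef struct { uint8_t hi, lo; } char2b_t;

/* Returns 0 and sets *out_bytes when `count` items of `item_size` bytes fit
 * in the `payload_len` bytes received; returns -1 when the product would
 * wrap or the request claims more data than it carries. */
int checked_payload_size(uint32_t count, size_t item_size,
                         size_t payload_len, size_t *out_bytes)
{
    if (item_size == 0 || count > SIZE_MAX / item_size)
        return -1;                       /* count * item_size would overflow */
    size_t need = (size_t)count * item_size;
    if (need > payload_len)
        return -1;                       /* count exceeds the real payload */
    *out_bytes = need;
    return 0;
}

/* Byte-swap exactly the validated number of 2-byte characters, in place. */
int swap_chars_checked(uint8_t *payload, size_t payload_len, uint32_t num_chars)
{
    size_t bytes;
    if (checked_payload_size(num_chars, sizeof(char2b_t), payload_len, &bytes))
        return -1;                       /* reject before touching memory */
    for (size_t i = 0; i < bytes; i += 2) {
        uint8_t t = payload[i];
        payload[i] = payload[i + 1];
        payload[i + 1] = t;
    }
    return 0;
}

/* Copy client-supplied ranges into a correctly sized heap buffer, or NULL.
 * Assumption: one range is two char2b endpoints (4 bytes). */
char2b_t *copy_ranges_checked(const uint8_t *payload, size_t payload_len,
                              uint32_t num_ranges)
{
    size_t bytes;
    if (checked_payload_size(num_ranges, 2 * sizeof(char2b_t), payload_len, &bytes))
        return NULL;
    char2b_t *buf = malloc(bytes ? bytes : 1);
    if (buf)
        memcpy(buf, payload, bytes);     /* bytes <= payload_len, no overrun */
    return buf;
}
```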