Back to xfs PTS page

Accepted xfs 1:1.0.1-7 (source i386)

To: debian-changes@lists.debian.org
Subject: Accepted xfs 1:1.0.1-7 (source i386)
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 16 Oct 2007 19:56:20 +0000
Message-id: <E1IhsWa-0005ck-3K@ries.debian.org>
Sender: Archive Administrator <dak@ftp-master.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 02 Oct 2007 20:21:48 +0200
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.1-7
Distribution: stable-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 xfs        - X font server
Changes: 
 xfs (1:1.0.1-7) stable-security; urgency=high
 .
   * Security upload.
   * Fix several vulnerabilities (CVE-2007-4568):
     The QueryXBitmaps and QueryXExtents protocol requests suffer
     from lack of validation of their 'length' parameters. Maliciously
     crafted requests can either cause two different problems with both
     requests:
     + An integer overflow in the computation of the size of a dynamic
       buffer can lead to a heap overflow in the build_range() function.
     + An arbitrary number of bytes on the heap can be swapped by the
       swap_char2b() function.
   * See upstream security advisory:
     http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
Files: 
 6090b1b5d0c40f41cf8466d4be26c86c 794 x11 optional xfs_1.0.1-7.dsc
 47090deff75f0478f865e79b88e22ce6 29837 x11 optional xfs_1.0.1-7.diff.gz
 3d4296688c5a823219dc42f8de0a2675 57298 x11 optional xfs_1.0.1-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHBev3mEvTgKxfcAwRAix3AKCo8BvlazYgW7J8pVXeOZ23zl2DnwCff9cg
BFR+FBEOp1RQpVDZQApvhls=
=9fxF
-----END PGP SIGNATURE-----


Accepted:
xfs_1.0.1-7.diff.gz
  to pool/main/x/xfs/xfs_1.0.1-7.diff.gz
xfs_1.0.1-7.dsc
  to pool/main/x/xfs/xfs_1.0.1-7.dsc
xfs_1.0.1-7_i386.deb
  to pool/main/x/xfs/xfs_1.0.1-7_i386.deb