-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: amd64 Version: 1:3.5.12-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: 8c13601f7ab0cc09ba0f793c9a747dac77336e81 103912 libxpm-dev_3.5.12-1.1+deb12u1_amd64.deb e947e604bcb1ab1ca4106286e6f7e8c4e3504859 105308 libxpm4-dbgsym_3.5.12-1.1+deb12u1_amd64.deb 8b2d218f6d2430bc99124e37d86e5079a0d69c9c 48608 libxpm4_3.5.12-1.1+deb12u1_amd64.deb 6f55a3b6780b770927d28104f74cbb11e447a7b1 7746 libxpm_3.5.12-1.1+deb12u1_amd64-buildd.buildinfo d9c72a3b7b4f7913ef0552c9d3775f4f05dd8d4d 55240 xpmutils-dbgsym_3.5.12-1.1+deb12u1_amd64.deb f1ae956208fc0009dfd15466dc2cd8c1e11c3074 37900 xpmutils_3.5.12-1.1+deb12u1_amd64.deb Checksums-Sha256: 2e4a2f06a92f1c0f8ff6bd0da567819d56b1c5afd8e66f978b67eccd485a2b12 103912 libxpm-dev_3.5.12-1.1+deb12u1_amd64.deb abd0d06ced4d3d8055f05632e47b12ebb546e9d6b56bc162572fad627db97b01 105308 libxpm4-dbgsym_3.5.12-1.1+deb12u1_amd64.deb 505400598dcda712380f2e4a73b09b015a3fedf78bd874f6429622c448e249f9 48608 libxpm4_3.5.12-1.1+deb12u1_amd64.deb 63b85ca88269b7fad3d96fbf09a2f66668b76ce9a5f1da9d20f28f6335cda3bd 7746 libxpm_3.5.12-1.1+deb12u1_amd64-buildd.buildinfo 8430b2136eea69a53b2e945b276d7fff46dd9fb27ec87603554b3010f166a538 55240 xpmutils-dbgsym_3.5.12-1.1+deb12u1_amd64.deb 26b099e08720ca57584ce4185236d0254fc4f3b81b72bcbd980bb403884f3d1c 37900 xpmutils_3.5.12-1.1+deb12u1_amd64.deb Files: 4fae46465738d9fa6b9513ee79995ce0 103912 libdevel optional libxpm-dev_3.5.12-1.1+deb12u1_amd64.deb 1ecfd260142811e04bf4a3ab27a8783b 105308 debug optional libxpm4-dbgsym_3.5.12-1.1+deb12u1_amd64.deb 47ff34e61b90bb4a518e8e8e4a9833e2 48608 libs optional libxpm4_3.5.12-1.1+deb12u1_amd64.deb aad5527f0af5149461fc4a548235ed04 7746 x11 optional libxpm_3.5.12-1.1+deb12u1_amd64-buildd.buildinfo 41b52e2a422aeac6c6052a1e05ca1ea6 55240 debug optional xpmutils-dbgsym_3.5.12-1.1+deb12u1_amd64.deb 9bf9e8b620d90028935c311d9d046e92 37900 x11 optional xpmutils_3.5.12-1.1+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfSHphWe6nwpTFrNNZXl/6h5+iU4FAmUb6uEACgkQZXl/6h5+ iU7VbxAAr/O5aVJ7eoszjRI9ZXBE7flXvYZgKaWvvd7YWhMKvBggrsR9hO8u6AIh sCZ2uEruzD/I4RedSOBVMcDC9WblBq6nR5ByMY8YJU9HbeljNtMgYNEcfQwvWLZ9 eHTYeO8cw7p7RRn4cD/4hoECi2Z52YCSxi9A9e3XHbnrutD5kFR43eH09M0fls8v ouzKLHQrvhj2Bv1tj+x/KTxvhfL8aqUOg5yBYBCwUY2nhXchVSjJ1VZ5/ZKuDVt+ EhUaP5l5pp1VebVgX1ufE5sOWpbqTLFYvYOmKt3kvpRHlUy5/se2ngMPuPaiveXo tyIAnXzdXLQecbZs+IHgPGb5Gh/CNVrWPhNNf60JenBaryYFF1TfgD5+cXAVKyRV o7XGHp7WzAgochOCTB01kkdmcdWwixAdLU2aP6nGL9Fpz6xgVuz1Zh9ehLjFVwhy i6las3DhmpITLS+mgcPxWVd07T6Q43TM6x31m4qmsDoonsGj4Ikk2uwwkLb95SzB pzfV4fA8foMZBMq7EWnLQrh3PZZDwmodn+SrT40R3KYzrtR4+DNQgL14/cv0n5aK /wGm7Y4Shedc3DAqnOu24SQE72oPARmQPJ8+d3WUFHx6V7P2+aRXgodEWmdTIebW E6x99V5cwJ3XuchEu4XFV+qlXAHCwNkwbnCF4jMBKuc26Mzr7Xc= =Ft46 -----END PGP SIGNATURE-----