-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: armel Version: 1:3.5.12-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-arm-04) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: 9a398fb12603ec75d18007c56d7461eaa73fa29a 98652 libxpm-dev_3.5.12-1.1+deb12u1_armel.deb 0c8a4f914fbfa82e4ecdd67990126dcb9b6d001a 101568 libxpm4-dbgsym_3.5.12-1.1+deb12u1_armel.deb 60af180ed17f95b0590554cbb00f883015a6807d 42316 libxpm4_3.5.12-1.1+deb12u1_armel.deb 499898ab370e2d8508c65733927b682869d32d8f 7616 libxpm_3.5.12-1.1+deb12u1_armel-buildd.buildinfo ed97fc0a557eb026c79531b5d429a652529ea9c2 54144 xpmutils-dbgsym_3.5.12-1.1+deb12u1_armel.deb 624620eb47621c3d68e9d3c1a64dee2c7ba9ed16 35076 xpmutils_3.5.12-1.1+deb12u1_armel.deb Checksums-Sha256: 65a016570e545b155dece34eae2b05ab54f6d3887a95bcddfce93d9b7ce90d20 98652 libxpm-dev_3.5.12-1.1+deb12u1_armel.deb e60af2e0a85667a1d4a638ed66eccdea2fe4166e61560ccd5d12ad06e5bcce30 101568 libxpm4-dbgsym_3.5.12-1.1+deb12u1_armel.deb 5ac241dbd9208c1fab4ea0a03ffcb7e798327054e623ee9036e13e103f4afd74 42316 libxpm4_3.5.12-1.1+deb12u1_armel.deb d98404dd62fafc1e44f1687f4c0f17d6321bc2473a62f59f97ee5986a4d669a2 7616 libxpm_3.5.12-1.1+deb12u1_armel-buildd.buildinfo e3d244119bd03602c97214c91b564c20172307fff0a86fcf051f1861bda6f9cc 54144 xpmutils-dbgsym_3.5.12-1.1+deb12u1_armel.deb 879ec8be55f192e506cd8a7ed58d5f54f96606b77b2694442cb407fad9e95608 35076 xpmutils_3.5.12-1.1+deb12u1_armel.deb Files: 09e9aa943e9a1010f0e92bc0c493397d 98652 libdevel optional libxpm-dev_3.5.12-1.1+deb12u1_armel.deb 8b4259f1f37854d46e082fb9ba7067b5 101568 debug optional libxpm4-dbgsym_3.5.12-1.1+deb12u1_armel.deb 76aa574e274c655d9483832c92ad96ba 42316 libs optional libxpm4_3.5.12-1.1+deb12u1_armel.deb 756c1157f3df65ada7e233d3661d9144 7616 x11 optional libxpm_3.5.12-1.1+deb12u1_armel-buildd.buildinfo 3527912da5f21d6d6bc1c5deac00b5f0 54144 debug optional xpmutils-dbgsym_3.5.12-1.1+deb12u1_armel.deb 1f23589f0914e0b94bbd8b527f917433 35076 x11 optional xpmutils_3.5.12-1.1+deb12u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmUDOxnfDwdc47jJKqoc2e3yvTA0FAmUb62oACgkQqoc2e3yv TA1TFxAAkYIRbgqBVkjBkDUt2wg7J9PshMvN+DLi9cL5inibWlDd+1BdFQcOnDIJ 1u4SAD+sfXtcsbTQ4ZGsRsS94vhe+zkyNd9aATuFYTJmf3AGQeSOokGWrYwC4ml5 f/kCkMysXBCuCLukCfrl98YGuXjNlHQvNokB8FryBmW3HFbSbWLiWNN/eHhT1BBW DsqRTgdNPaP8PZZ7MlD/CTJ50rbS0U5Tn1marpdl9IycH6UAUFLymsAHcJk/h5uF CMlDqpSovR1jn0V+/HYh0WMHSrsmmcC6HhIPdLFtNnQNHKweO5OIBacNThiKpGQS 1A5rOTEXbPwo59VfYKu3VwnH2BSC6+r2fCsCC1Wqtq+FuyqsmVvDFoYdu4trcKm0 TIiqcp7GHDNNOIWpM4EmfRMP670dc+QbTQYAr7OvjDH/Bs4DV8y6NtmBNrcZ3dRB iZHnoHw1q2DcIlIpDs/pvZdIN5W7knl4HFGz7mMzqGn7u2G2A6nc7+lxuNUvGQ83 zrDeWe2zjJw6xcXVmLJ8yQvZKg3OG4lKNKQFEfcNUQ/6+VxlAqmQ1eFhPfchv0EL 61X6RE6ivuKZoyt+a0DqzGF/XcghnHV3uNv9iAnWPOPZBS7ZLG6vJH1a7GwZ4eln eobzXaUgL1Cgryg10e0Bv7uffG2LpgwuQBU2uAsuRTKmySc5s1M= =F9d9 -----END PGP SIGNATURE-----