-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: i386 Version: 1:3.5.12-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: 08031c114fce0dcbfb1fa47839d8c502354bcda4 106700 libxpm-dev_3.5.12-1.1+deb12u1_i386.deb c7d38ec034ca08d97fc57fae0b8b5555217dc53f 93380 libxpm4-dbgsym_3.5.12-1.1+deb12u1_i386.deb 805628aa74a21da4ac4f878363a5c908fd08a281 50352 libxpm4_3.5.12-1.1+deb12u1_i386.deb cb5949fda340ddbddbe0362c854a3c6115a29bfe 7674 libxpm_3.5.12-1.1+deb12u1_i386-buildd.buildinfo 71e1550cd151c85f8dd651ac0028f475041688ac 50820 xpmutils-dbgsym_3.5.12-1.1+deb12u1_i386.deb d046a91912055c51f93035c57cd23d7e7142436a 38596 xpmutils_3.5.12-1.1+deb12u1_i386.deb Checksums-Sha256: 75095aab5d07c2c4e800f05b43b21f861c9374fc521f4ceb837d4153b1190c7c 106700 libxpm-dev_3.5.12-1.1+deb12u1_i386.deb 5e32ca5bb4211185320548dc94193d5a8c6fad7e05a9a717b182ae7979cc7e9a 93380 libxpm4-dbgsym_3.5.12-1.1+deb12u1_i386.deb 62b0c9721c00484db846829c83bce3fb6589df2915ef2cce6b8db4bce1b32528 50352 libxpm4_3.5.12-1.1+deb12u1_i386.deb ec63a5c86822b7b434ae6f834a10cd633d60dd48c54337ff0d306f570f833c34 7674 libxpm_3.5.12-1.1+deb12u1_i386-buildd.buildinfo 34254238b66b0948ec55f0391a84293510c22de2b6a9fa39fe84d8249ae724c0 50820 xpmutils-dbgsym_3.5.12-1.1+deb12u1_i386.deb 47ce18c011628753f6abe247cb69e829cb9b37cf380373224c37a8a6d8ca6b84 38596 xpmutils_3.5.12-1.1+deb12u1_i386.deb Files: 3f456055bc9dd4efff7e2607ef2cfc1c 106700 libdevel optional libxpm-dev_3.5.12-1.1+deb12u1_i386.deb 020af9785f068a92b465819ecf871de3 93380 debug optional libxpm4-dbgsym_3.5.12-1.1+deb12u1_i386.deb 4d8a0c97135d10d72a59cc50ea60951c 50352 libs optional libxpm4_3.5.12-1.1+deb12u1_i386.deb 6dc368c51967f84c5f147ed438cb3b34 7674 x11 optional libxpm_3.5.12-1.1+deb12u1_i386-buildd.buildinfo 958df799d52bb3dfadcae6d5423b1bce 50820 debug optional xpmutils-dbgsym_3.5.12-1.1+deb12u1_i386.deb 4aca1df61a1f1b730d2c3483117ac186 38596 x11 optional xpmutils_3.5.12-1.1+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEJyRdn7p9tGRfxctAots23/koc0EFAmUb6uoACgkQots23/ko c0HNxA//apWf7ZPdMmVMnj+USI+4E2u92RvJQnVIR9jaQZ0nowBCdJWCXdkwzSAl SUy0X2141avj1wC7TRG7v+0iMsJoBTfsuHATr1VZ6wqyyb/g+y3n0puSBSrZNGrT KKI3kwihhbHT1zaxnEHGvRnm15JHvk20NZ59nVFQJx2/bJUSjvapoARUROViwJta Yh0jkX4jYJlHHAAvtnU5tUOi82rOGhcH9C+MQH1ju3Lmb1lB7AHJu2McP7ttRlnW TVYB6nlPZv8nOEfe9CFpFypSvLpMexTTrrMBf77PQpDtvzu0pcAtzl8nbe4HipKB nYTmHsyMfwTBGiZYpCwuFort05exmsxSdr/QTMS5JZ82aOvBKigm0RByrtcdxeEy IvLPChH5jIrmS6/0YZiKUnpWbxVLXvsJaVaBrUlEU0cSleGgwbxjdcTgRaU26pEp uokZC6by7nGxiW32C5jVyMWRLlrw+ftAxNg6Tx+cZn76QO2vAHDUwgfgKIhH/4wS Nk3xPepOBm6lU6Zefknhx6bX2Bj55aKmPgkjtpIF801fzsLhrxNQ3jSW6h9xGrab rr/cIONcAImxF/BrlXKkzpq5fzUqNRc4U3CKSA7hWdUJ/8ATImMMmAdSp/fSs1ll MfntoMGbw6VBKGehw800D3+625FXWsTZnx1R49H/ispaNJyKxAQ= =tzV4 -----END PGP SIGNATURE-----