-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: s390x Version: 1:3.5.12-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: 04482bdeead9053307526e58a64b9f494e998335 101700 libxpm-dev_3.5.12-1.1+deb12u1_s390x.deb 0839ad3fec00c702807abf01aa1aace5c81719f9 101656 libxpm4-dbgsym_3.5.12-1.1+deb12u1_s390x.deb 39bebed3016aa0d9bb5b44ffd3cb0ab74bf89e15 46064 libxpm4_3.5.12-1.1+deb12u1_s390x.deb a69aee1e61212669f3867bdb5a61f2bb00037dea 7657 libxpm_3.5.12-1.1+deb12u1_s390x-buildd.buildinfo fded3bf0e19a5d8d9440b5a84f863f4a012d904e 53716 xpmutils-dbgsym_3.5.12-1.1+deb12u1_s390x.deb 51e59773d87301b4531a651b1096b94e0b7db5c3 36800 xpmutils_3.5.12-1.1+deb12u1_s390x.deb Checksums-Sha256: 01be5ec386f7aced1b3973685984f1940e92fe190f65d0253e039b0f8656ce6f 101700 libxpm-dev_3.5.12-1.1+deb12u1_s390x.deb 78f5dbea5969f4c27024fe2dfb5f3425b04c339a05090cf471ead15f8656cf12 101656 libxpm4-dbgsym_3.5.12-1.1+deb12u1_s390x.deb 4b223377158e9810a515607dc0cb3d3ef971866c611e881a3e6f1d386e6e1ead 46064 libxpm4_3.5.12-1.1+deb12u1_s390x.deb 6aeb32f7805ee4f4c8301e9214e54287d8a860b7246c0222ecc2e927997c177a 7657 libxpm_3.5.12-1.1+deb12u1_s390x-buildd.buildinfo cc33f7c0bc525118a003add3eda695ad432cf6057436c795e37ea0ce4e0f15ee 53716 xpmutils-dbgsym_3.5.12-1.1+deb12u1_s390x.deb b4313f5ae87bfdc134dc817230de70133e3cafa1a95c4bc40a55089c8be3a093 36800 xpmutils_3.5.12-1.1+deb12u1_s390x.deb Files: c8de0e92d7cd082ab0a0b9ce2042de06 101700 libdevel optional libxpm-dev_3.5.12-1.1+deb12u1_s390x.deb 1922974d560a51c4db8edc9e9f279c9e 101656 debug optional libxpm4-dbgsym_3.5.12-1.1+deb12u1_s390x.deb c6fde8907d079527a684e231f386eacd 46064 libs optional libxpm4_3.5.12-1.1+deb12u1_s390x.deb 92cb05e9e1709f8ab45f9c3fe9717617 7657 x11 optional libxpm_3.5.12-1.1+deb12u1_s390x-buildd.buildinfo 19259b2e66bd744bc42676a5c5fd75c2 53716 debug optional xpmutils-dbgsym_3.5.12-1.1+deb12u1_s390x.deb f4e15e432edf0d259ffb21d52efd60c7 36800 x11 optional xpmutils_3.5.12-1.1+deb12u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETdQgQHyJW2hcXsTC6b+AMjGgQHgFAmUb+A4ACgkQ6b+AMjGg QHjPyRAAptwTtCId4BvF6Kdpfv5TuoOXTEOASGAt4IevLxm9cdnpl0M7EAKbXdQv JGutd2n8gOtbFj6RO7YFKwFMpQguOhw4QrNPUU/5g8IuJkjM1C7pop2ibGCofrKL jbIWm/FyVl7HPyIp3zoiRthjNfBS4+bi8V4Ch/hJwN/JNVY1JclZ7pHq8LCWGRDk 8Uqh284MvaZhxhZ0OnDNKvbgeqyEITNDixwsTP4BGAPSaRlVySk2lJgryQ3WqGoj lm27YbwbIhsDI5AOVEEi22wf1UPoWc32kWd5h6HO0b0mYn0o8WwWC8IOsBAdlpdI Hr/XRA7reJctHosWGQ2UYb6krk8Vb+EI6fnUsinlNxLPdB/52FJhI8uNMbpD5peN D2uUCG1dNuVnpmaL+RILKTwWHgW9xet44gzqFe7pbbIwB6CTGsrIVsfqLFFnHHL/ bA87UXSbMWOdIsjVnW2+PnCLTN/GwTCjdNLXQRrceGpa3SZflkD13W4dJ3/n5TTs Lh/Uc4YBO+vCvBRti7HheGwbFNUpZ9XMAQgct5zUXCNCZp2SxuaoqcIoqDFfbawo fHrxttTPBEcpnWZYbF2vRJIFNpu0XqqAh4WdSfzySHhwA7dvUQmODFOT4S7t08Gr Y0zgRN9Lw5KQDvZIjyXwXWOC6dCktQ+4g3ubFnv4kX2f7gOa8ag= =ky0z -----END PGP SIGNATURE-----