-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:01:59 +0200 Source: libx11 Binary: libx11-6 libx11-6-dbgsym libx11-6-udeb libx11-dev libx11-xcb-dev libx11-xcb1 libx11-xcb1-dbgsym Architecture: amd64 Version: 2:1.7.2-1+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Julien Cristau Description: libx11-6 - X11 client-side library libx11-6-udeb - X11 client-side library (udeb) libx11-dev - X11 client-side library (development headers) libx11-xcb-dev - Xlib/XCB interface library (development headers) libx11-xcb1 - Xlib/XCB interface library Changes: libx11 (2:1.7.2-1+deb11u2) bullseye-security; urgency=medium . * CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() * CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow * XPutImage: clip images to maximum height & width allowed by protocol * XCreatePixmap: trigger BadValue error for out-of-range dimensions Checksums-Sha1: c1db5e84cf3d91cbbf79f09becb08405a9466e88 1115224 libx11-6-dbgsym_1.7.2-1+deb11u2_amd64.deb 3231d7624a1a534d8916c9da3741bc0359cabc3c 565748 libx11-6-udeb_1.7.2-1+deb11u2_amd64.udeb daaedd0f189697ca47659314d66cc536c6b3028f 771508 libx11-6_1.7.2-1+deb11u2_amd64.deb 84c0cde7070f60c135bbd063b3f266cfba61931c 844860 libx11-dev_1.7.2-1+deb11u2_amd64.deb e61e73c9d2a1a5b768fea8e3a9adf08df1598935 205764 libx11-xcb-dev_1.7.2-1+deb11u2_amd64.deb 301c7aadc0687fbd869f96871bbafe39d9dc04d6 16780 libx11-xcb1-dbgsym_1.7.2-1+deb11u2_amd64.deb f3dea0ea80e0c3502c5c66caeea5900328060ec3 203516 libx11-xcb1_1.7.2-1+deb11u2_amd64.deb abc77c1e388b81bcaab975dfdaa58ae59573f952 8066 libx11_1.7.2-1+deb11u2_amd64-buildd.buildinfo Checksums-Sha256: 4ab5f816a9c10172d60f102b9a8ac8caf5f4010ea9318b4baf2373fd0bffb982 1115224 libx11-6-dbgsym_1.7.2-1+deb11u2_amd64.deb 75e45a7db9e809b7636fa68ea26ec41d498e8fe3a6f0b159c4c42d0dbd2fb57e 565748 libx11-6-udeb_1.7.2-1+deb11u2_amd64.udeb 2b3b959cb10c07be065eb638a8577fe20f282045aaef76425dbd7310d1244b8c 771508 libx11-6_1.7.2-1+deb11u2_amd64.deb 9fbcda6af06d8db9cd8a48b581570aa8fee862bfc43b6f569a66503ae7d83211 844860 libx11-dev_1.7.2-1+deb11u2_amd64.deb cadd9279292904194469d366d42c3a2555050ac7c3767e30523128e394811cc3 205764 libx11-xcb-dev_1.7.2-1+deb11u2_amd64.deb 99ddc1d7ff950fcd281d261176743b5b5b96eb71571767d0b795010a3107d16a 16780 libx11-xcb1-dbgsym_1.7.2-1+deb11u2_amd64.deb 1ac662dec0b4db1c65668a2c62f0063f4c9cc0d9c8df15ffe735bd2d84b8ee95 203516 libx11-xcb1_1.7.2-1+deb11u2_amd64.deb 318007ebcce85046e1976f306c4cf4ee941686e7e91444594f2ef78498f50c42 8066 libx11_1.7.2-1+deb11u2_amd64-buildd.buildinfo Files: 3ff0aafac4cb0e330271ad0a7794d0ef 1115224 debug optional libx11-6-dbgsym_1.7.2-1+deb11u2_amd64.deb 14f9e5d59e6b9128e24364af888fecff 565748 debian-installer optional libx11-6-udeb_1.7.2-1+deb11u2_amd64.udeb af7699ee870fd62e420b843142c896ac 771508 libs optional libx11-6_1.7.2-1+deb11u2_amd64.deb 88b1c11176e028b685450db00facd1a2 844860 libdevel optional libx11-dev_1.7.2-1+deb11u2_amd64.deb e3d60d7e7860b9c93089b4e10a9d8a23 205764 libdevel optional libx11-xcb-dev_1.7.2-1+deb11u2_amd64.deb a910e7fbe77ef0504b2448d403fd3771 16780 debug optional libx11-xcb1-dbgsym_1.7.2-1+deb11u2_amd64.deb e0792715517e9ca81d8b59482a8cc509 203516 libs optional libx11-xcb1_1.7.2-1+deb11u2_amd64.deb f4ba36b7274ba1a2d534c447d0000ff3 8066 x11 optional libx11_1.7.2-1+deb11u2_amd64-buildd.buildinfo Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE85oDfSLnwLkvY4Ibj5YjFeDZ0JMFAmUb30gACgkQj5YjFeDZ 0JMBgA//QrtUva614SnZMUVEXW3oEghQBucGZ+dT0JgecqCdjP99gQXeU+kQkD76 X6fQVpqXX+iicIrgQ3NA4XUMeRKpgkQawLVjNK8CaF3WPrKk70yenAK5Xs3Zv9wG eLv25pIl+beg4DbT7RB3ov7enNivXXr8ASVSP7YayNUK+EtYODkNYZ6dQS+EnM63 eIR0v3LMuHXlen9KYxWqK31ZlHf5V9ELHTDAaIYcoehYNoMMsyQ0DR3ct2IHFnsf FeIrnrf9kbmySQLz90LbBXG98gmAucP1zcYM+V8M32CorckSUWKDUuph8Aou/lvI ywM3LmBmYGDkZ74LG4PjniJvV/Dw56hiKzyD8bB7RqRY78qwvXygpNwljQz0xzKV iQepQN4CXO4fda0IS9gaXQXb1U8GOfUPTv2qUeTNgB8X2aWMz3R7IAoSsKmB+620 5V6VDpleQJFD6RH+dc3QGVqQqu20HmyuBGa1WrKalvHy8Hil145hDn7Ee7a/fTeu K/5OiXNGrRt2Lu93cjqstg7HK1d96fDM5ZggFatrRqVyGS4bdoR8guygzzWZH8VY BfpcubQy0TQQWPJ+/vf6tYTHuoSy9HVha26XIGZay/mVWzQg2DTJ/8Re6tUGH5Ae o+H7obd320F5+ZSVg6en1NxgyhxBoEwenVGwLrkbeANUcVVjvmE= =sdni -----END PGP SIGNATURE-----