-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Architecture: source Version: 1:3.5.12-1.1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian X Strike Force Changed-By: Julien Cristau Changes: libxpm (1:3.5.12-1.1+deb11u1) bullseye-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: ad49e87c7a543dd83c6e591d16feba60f951b5b8 2133 libxpm_3.5.12-1.1+deb11u1.dsc b60688d34fc7ed1c00c0500a9770ad0f1a20fb77 22644 libxpm_3.5.12-1.1+deb11u1.diff.gz Checksums-Sha256: 60b0c50c28421fa96ea6d7eba22c1c6907dee9b27bf3470afb7693561e898fe8 2133 libxpm_3.5.12-1.1+deb11u1.dsc 2fda4c61290da26da7a643f001c9996c8533b2741b62a3d2cd0ee81900d484d4 22644 libxpm_3.5.12-1.1+deb11u1.diff.gz Files: beed37c015cb06cf74008b37d3b2a5e3 2133 x11 optional libxpm_3.5.12-1.1+deb11u1.dsc 89f36c6151438648f32d26da65b3a296 22644 x11 optional libxpm_3.5.12-1.1+deb11u1.diff.gz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmUb6EoUHGpjcmlzdGF1 QGRlYmlhbi5vcmcACgkQnbAjVVb4z62nbA//dUztNYu76cZ87nMrFpwxqQD3zua6 EckXp6GePunDuP7zdNEqyvyc42rnpKreP5ifo6c7dhy67Eqe3PrWomXP1i/ktsX1 BKAnpZSCh6n4yHF9I9rkLmdpAHLJ8FNeCiS2wWVSR4RbZYDNyhzUDcpfqQJAj73x Sd1eUwvfX1jl8Iq4jr6vJd9TeLHPRg19+SUzwOf2X3ycDyee+aohYq2LvqOfTnT3 e4e1gn2YlOuI/Pz9zdMBLalaXd6SpyGojZJJxqm2kTiA2Wd8mIF/XFKLO/MeK+eZ KKbX4WLzyC2sdeFDOLi/Wustj0n4wNbKD5y9CKDz32hyPXGoGropusFHCzHNkM6z 64GR7PX/GdgDMFlWQ7YeuKG7+y77N/sa8KSZZ7wohjqYs7xAvrCdd6+Q5qphkChA X7Fq8KT52Rzsy10J00QXsc3PWkkJ01e6awVo4MI+rDA0dRnIuUF8IehP8O3q6C3y MBMzKiByGP/CvWTBALedkh6to71S608UK92gG+yZHAXOrlLXsTSO8rRsMEkLZi1x /0MWIq8LdUw0/ZRNA1XgfPvzilHKligl5RZ2dQXB7hLP359j+vFd8O8mK3UMWVve hwxogdEM9zO3qPJ01izH9xGOiVJvCEdWV9VDSNBn9r5h+SaiazAFXhBrXMPWvN/y ApYI+nRNF29/tYo= =8Iq/ -----END PGP SIGNATURE-----