-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: armel Version: 1:3.5.12-1.1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb11u1) bullseye-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: 221e6db9416f085be4a53f86c7bd70cd9c17ef89 100388 libxpm-dev_3.5.12-1.1+deb11u1_armel.deb 9fa532689a5b26417e5459ad56e2cc864d954ea4 99260 libxpm4-dbgsym_3.5.12-1.1+deb11u1_armel.deb 1eb7b2533920a2eea242a8ac514638ca64db8167 44108 libxpm4_3.5.12-1.1+deb11u1_armel.deb e6b1ee8cd913958942ed277aed6f26a5e381608f 7773 libxpm_3.5.12-1.1+deb11u1_armel-buildd.buildinfo 3144c07be3b075b53c6acd71ba057f127049d3f5 54012 xpmutils-dbgsym_3.5.12-1.1+deb11u1_armel.deb ecb7d7d069d1bc89e83b17f257e66dcb7703515b 37236 xpmutils_3.5.12-1.1+deb11u1_armel.deb Checksums-Sha256: 648ce0f4186136a9a6c0bd47ab57595c9b9dd4ae01c7e2bcf435d21c200afab4 100388 libxpm-dev_3.5.12-1.1+deb11u1_armel.deb bc8746ccb8418e7a4f0eca6b2daf557cffeb2d213cb821e503bac2f5303cdf7b 99260 libxpm4-dbgsym_3.5.12-1.1+deb11u1_armel.deb 45fbe2f9c80ccf9611690c693064b3d8a4dbc39d6ab57910676ef153943182bc 44108 libxpm4_3.5.12-1.1+deb11u1_armel.deb 8c2a2d2c8300cf7c0c1047123d8cbb2bebdeace0bd2606a0f63b28ba0dbe7e41 7773 libxpm_3.5.12-1.1+deb11u1_armel-buildd.buildinfo e28484b835200a25506070a8f312ba14d3d0db9db08a2dc9afbf36bf327392d2 54012 xpmutils-dbgsym_3.5.12-1.1+deb11u1_armel.deb e643e92e12899ed7bd4e4787321265a6afeeee7bbc335a67e0308f138556012f 37236 xpmutils_3.5.12-1.1+deb11u1_armel.deb Files: d23c069403b781c2a982453f68a25426 100388 libdevel optional libxpm-dev_3.5.12-1.1+deb11u1_armel.deb 065df0f1b5896913d4ab01e111da88ce 99260 debug optional libxpm4-dbgsym_3.5.12-1.1+deb11u1_armel.deb 45e31d062025de264231c958e1c01ce0 44108 libs optional libxpm4_3.5.12-1.1+deb11u1_armel.deb aabc28355074c4c6f022433294927e29 7773 x11 optional libxpm_3.5.12-1.1+deb11u1_armel-buildd.buildinfo a5d81a5d547d1c7aa9b649d2cc206229 54012 debug optional xpmutils-dbgsym_3.5.12-1.1+deb11u1_armel.deb 745d0f4bb4ad3e4ba471f0cebafedeb1 37236 x11 optional xpmutils_3.5.12-1.1+deb11u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdkvJoTVAIZVYaO9cyYck2apzqqMFAmUb7X8ACgkQyYck2apz qqO0URAA1nlInKKdJx+xeSs+H649+TdTA0fZDXQoFUVs5m66hSzxMf2V2TEczpaf EONdAKgTPVgUnYOmQXZ+pIcH91kAP7AYDkqPNC1cM6U55gJ7fDau0E2l8pjW8XMz 2197k9wbdoQhP6tgzj4rvg5VUr9fpj0OLHrmNP/sZ+nTPIVDE0Gj9CuXK5l36rMV xHy5mY+ZAx+snjNMy875yGdLVC6P3ucQ6oYrxAohU6n/kg4Qw/7Pt81dfeuh0Xdd eiuxuNtjPCTGhOSzxz9T2T+VLdu+XDZ+skFeiU99AYrcv6Vh4gsRzDcvaqfcpD25 N3btETv4bnus17kGsRPrKtjvqFUFLceXGOYCYjjMyBCjZzp4Y/uiLDg4mJqX7dB8 9VWaNh8XbeHeT3yo8FqkTVFy43Xz0CX67Uhkz/ZCA32d5sT04Vu6btSvyNVJtFxG J6V96wZaetQTkyDEj7wuGXRRZDDBu+yd0FPjc+Tkgz4ClNnIt9gV59Tpq0pUCU9R KBVnoTZR+wiS70QU0JvBaQUTm1GFHg7Omi8tah6dLlnketdGgRGicObMHxFkUSHl eiM1wTP9a+VsNtllAp4W8yrsjEMcYkew7AF2vm5KMlHGm7FGx/SWn+H8Umh2SNCq UYfaSunhTyQQMl2VqiP6La12wEkVNhvpnxOjtuPnNfrVM5fO7UM= =167C -----END PGP SIGNATURE-----