-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 10:52:32 +0200 Source: libx11 Binary: libx11-6 libx11-6-dbgsym libx11-6-udeb libx11-dev libx11-xcb-dev libx11-xcb1 libx11-xcb1-dbgsym Architecture: amd64 Version: 2:1.8.4-2+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Julien Cristau Description: libx11-6 - X11 client-side library libx11-6-udeb - X11 client-side library (udeb) libx11-dev - X11 client-side library (development headers) libx11-xcb-dev - Xlib/XCB interface library (development headers) libx11-xcb1 - Xlib/XCB interface library Changes: libx11 (2:1.8.4-2+deb12u2) bookworm-security; urgency=high . * CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() * CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow * XPutImage: clip images to maximum height & width allowed by protocol * XCreatePixmap: trigger BadValue error for out-of-range dimensions Checksums-Sha1: bd2892cbd805ac8641dc064e0452030c5baebab3 1124500 libx11-6-dbgsym_1.8.4-2+deb12u2_amd64.deb df3673cf829835742f53fb840675406df377c2ae 572304 libx11-6-udeb_1.8.4-2+deb12u2_amd64.udeb 05e5afb3b9a31e783e919853793c71e0bcc4cd7c 759544 libx11-6_1.8.4-2+deb12u2_amd64.deb b708930db76b3bbab542ae1b397b9dce52b27eec 836976 libx11-dev_1.8.4-2+deb12u2_amd64.deb 0f4127abcd743b95151e2284307e0fd680777856 194576 libx11-xcb-dev_1.8.4-2+deb12u2_amd64.deb 2c965c53e5cc70480c85eddcd9020b62ab050dcc 16740 libx11-xcb1-dbgsym_1.8.4-2+deb12u2_amd64.deb a3f42fda6b3a1da77a57d6f1f9ea4467abea0410 192356 libx11-xcb1_1.8.4-2+deb12u2_amd64.deb fd8c9217122fdb9e1961ac45d49fc640c74bf389 7995 libx11_1.8.4-2+deb12u2_amd64-buildd.buildinfo Checksums-Sha256: 066ecc6f01e4c9a66408b52c453b02ce414a4b7d831a0618a6270aa1991f6b44 1124500 libx11-6-dbgsym_1.8.4-2+deb12u2_amd64.deb 256f72e2576c31c13b8c00a675900e4341a33905c0ceccaf14982979d65c2d82 572304 libx11-6-udeb_1.8.4-2+deb12u2_amd64.udeb d88c973e79fd9b65838d77624142952757e47a6eb1a58602acf0911cf35989f4 759544 libx11-6_1.8.4-2+deb12u2_amd64.deb 8493220d4309af1907a1f2f6eeb204c8103dafcc368394fbc4a0858c28612ff9 836976 libx11-dev_1.8.4-2+deb12u2_amd64.deb 47e203c32aea08b81dc8fb3c25052b2431da184f7716b7d4ff92628dfe675534 194576 libx11-xcb-dev_1.8.4-2+deb12u2_amd64.deb a4126609b894dc77a6dbc3cf9c1ac83c4416f062dd8b418b6960a820e0327d66 16740 libx11-xcb1-dbgsym_1.8.4-2+deb12u2_amd64.deb f5da45e1d881a793250a96613f28c471a248877f1a0f18a5c90e2a620a76c898 192356 libx11-xcb1_1.8.4-2+deb12u2_amd64.deb 3d58efff7e039d196f01b39143e32d12b6a2d381e2fca00be4af6d3d1d9fbf5d 7995 libx11_1.8.4-2+deb12u2_amd64-buildd.buildinfo Files: cc6c7cff586d906b9cc80e828aa95a19 1124500 debug optional libx11-6-dbgsym_1.8.4-2+deb12u2_amd64.deb 6885c40026ff83cee956813047d422d0 572304 debian-installer optional libx11-6-udeb_1.8.4-2+deb12u2_amd64.udeb 0c6481c14ab6815f2d2983310157421e 759544 libs optional libx11-6_1.8.4-2+deb12u2_amd64.deb 9296eb45bde490c5569cd5b7bb25b65a 836976 libdevel optional libx11-dev_1.8.4-2+deb12u2_amd64.deb c80cde44ed9e8c77e0fe7cf49865b313 194576 libdevel optional libx11-xcb-dev_1.8.4-2+deb12u2_amd64.deb 0eba98a48a986b22ff03ed3bd06f097a 16740 debug optional libx11-xcb1-dbgsym_1.8.4-2+deb12u2_amd64.deb b004aaaca3961579b200cc185f741185 192356 libs optional libx11-xcb1_1.8.4-2+deb12u2_amd64.deb 2ef23b8a16a2706c04e09c83d21dc081 7995 x11 optional libx11_1.8.4-2+deb12u2_amd64-buildd.buildinfo Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOtJZa9Q/HRv7PgxxkF7E12VCox0FAmUb2x0ACgkQkF7E12VC ox1cZBAAhXlpYbmwAj6ZySXD2ryeF5my5+BVp/VHJ2rD94RGr73LwK2hTh4o5d0i oWViF42zk7VHsEbUTPQs9KskqHvLNHwsVK1cHhEI7FY4lo76cywEQ5Pa8GC1Emvi NIP54qdbBBnmmR+6snZziSSmu9HpPgoWx+XnZ0ij4N3/hoBVTzZ9yJ9TVWyrjk6A +DpV9CBSHdD3yxJWGYKq00y2+Dd6Toi6oJGYgfu2Z/BiKpxJB/bYkNqgOq0KjDYv mgWS+0pfr/H7pf/vtCTWuh01SUSdafxcpzsC6ptA+3IFNVaY77H8VtrHk4njC1de GOTMVodKeV3vXl2hjJCIrsz7MwSt72faT+13jJiPACgNvcJkmM4u1lccTG3VJCUQ YrrIAu6/9giGUeDGJdvLY034qfJI2Y+8Bm7g/rpki/0LseRfs+T83DNdJwKbEeXG sOeFtwvb+n8b6hDqyOyNoZivPzJrX8AGNfypxFcjTbaO3WxVBFHjc9+sAyh6cvO3 aZ82CXj51ElTrUjgXTKa4xIVEml/lbkSiOFzoCeTXMQpO4cKx59Ag+Z/dveyg8EX gisqxf3v/cbsKaQ3BkqNeVlc7Ez+iuuS2sIElXm484KzOeB7qWJq/m1C4uDUBcc2 3gMXF57ECjgWOtdfH260C/fPqizyO7MdDdwIJNiFCU+VjL3dGCk= =Z0kV -----END PGP SIGNATURE-----