-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 10:52:32 +0200 Source: libx11 Binary: libx11-6 libx11-6-dbgsym libx11-6-udeb libx11-dev libx11-xcb-dev libx11-xcb1 libx11-xcb1-dbgsym Architecture: ppc64el Version: 2:1.8.4-2+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Julien Cristau Description: libx11-6 - X11 client-side library libx11-6-udeb - X11 client-side library (udeb) libx11-dev - X11 client-side library (development headers) libx11-xcb-dev - Xlib/XCB interface library (development headers) libx11-xcb1 - Xlib/XCB interface library Changes: libx11 (2:1.8.4-2+deb12u2) bookworm-security; urgency=high . * CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() * CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow * XPutImage: clip images to maximum height & width allowed by protocol * XCreatePixmap: trigger BadValue error for out-of-range dimensions Checksums-Sha1: a29149b7c214e0a20e0e6f847265403e7685bc2a 1142364 libx11-6-dbgsym_1.8.4-2+deb12u2_ppc64el.deb d44bdba36095a5873c30c76b017802b100f691f2 607808 libx11-6-udeb_1.8.4-2+deb12u2_ppc64el.udeb a6e1340971b4ce3db62de944e11b02533c9832b7 797396 libx11-6_1.8.4-2+deb12u2_ppc64el.deb 54051f4364492a7f69dbff4b038f84683be22e98 887124 libx11-dev_1.8.4-2+deb12u2_ppc64el.deb dafaa37c359b86d40ceab5578856fac1fe67af61 194588 libx11-xcb-dev_1.8.4-2+deb12u2_ppc64el.deb 99d30fa267aa617cc00809adf67ee502ab0ec983 16828 libx11-xcb1-dbgsym_1.8.4-2+deb12u2_ppc64el.deb fb9db514b340f737f8d707ec06b5880784ad349d 192520 libx11-xcb1_1.8.4-2+deb12u2_ppc64el.deb 7a03f47507ebf3b94e1963d40d72de6662e5807d 8021 libx11_1.8.4-2+deb12u2_ppc64el-buildd.buildinfo Checksums-Sha256: 4320ee8c1527dd06ced1e39e6adb4db5160477acf91bb615be26b3c0c31c34ec 1142364 libx11-6-dbgsym_1.8.4-2+deb12u2_ppc64el.deb 43b064ddc2ce08c74f9dad93dab55846d2632106da790be0e1d5091d6847abee 607808 libx11-6-udeb_1.8.4-2+deb12u2_ppc64el.udeb 53576982ab659cb7157d52c834b69be4a4662ce1d3989a93a422e5e77d8669ce 797396 libx11-6_1.8.4-2+deb12u2_ppc64el.deb 38c972d64026ba3a212ca990c6d82558afc56625d91e72483d3fd7ba3b2949b3 887124 libx11-dev_1.8.4-2+deb12u2_ppc64el.deb caba71089d00b3b6890d726a6390b816c5d55b5ee0fc34c1e410b1f4cb3afdb5 194588 libx11-xcb-dev_1.8.4-2+deb12u2_ppc64el.deb 0e1c137c7cd1bd259d622f90528c0a6c40760589539807aad6766d972047caa0 16828 libx11-xcb1-dbgsym_1.8.4-2+deb12u2_ppc64el.deb 6d3d13445ef5e9b988fb5369a0e209d44d155a9b00601ee48111af541cbfa249 192520 libx11-xcb1_1.8.4-2+deb12u2_ppc64el.deb 648f88dd732fdfbcca3fd8b7b208377d4538d82bfe16af3a05f5d924427e9e9d 8021 libx11_1.8.4-2+deb12u2_ppc64el-buildd.buildinfo Files: 17f1fba37e4a75e5e07e81b7cf2753d2 1142364 debug optional libx11-6-dbgsym_1.8.4-2+deb12u2_ppc64el.deb 2a4907a61419a2072137859772daec60 607808 debian-installer optional libx11-6-udeb_1.8.4-2+deb12u2_ppc64el.udeb 705c376c257e83cd97a3665aabe9e5b7 797396 libs optional libx11-6_1.8.4-2+deb12u2_ppc64el.deb 2b0f0b6737be8eb38ca4d07ed5c2bc8a 887124 libdevel optional libx11-dev_1.8.4-2+deb12u2_ppc64el.deb 60b5b149ab3eb04977565808a1dd130b 194588 libdevel optional libx11-xcb-dev_1.8.4-2+deb12u2_ppc64el.deb d581e3d7e7031d812155342f5d9ef907 16828 debug optional libx11-xcb1-dbgsym_1.8.4-2+deb12u2_ppc64el.deb d13e530ba14d8a5e70b3c0668723d17f 192520 libs optional libx11-xcb1_1.8.4-2+deb12u2_ppc64el.deb 5bf2bf8ffd25c845a9781ac9e599a530 8021 x11 optional libx11_1.8.4-2+deb12u2_ppc64el-buildd.buildinfo Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmUb2pAACgkQY7DdE4sW Z/VTnQ//cF+/Mhmi2uPd7CfwQTwA2I8Bj9vcmay3k7641f1LoM1DD3Rq9o7QqCkl zJ2ftT3HgXAmg1Q5KwzNfdcpxGopVP/urA6MGdlUSA071AjNt76PnTY/MWirDf93 EuunMN1XosU64pVOEQVNK9zovlox0VQktjfiqNEG2jYC+1o/V0PvuL5/UgNgjYDK CeTqGYHT9HLP9/IKrv+KIFGEoUyuy6Gp4+NoAiGAHpQV8iq53D+hSqjgJL0pq4Db 5udIuFQL7wHoq9wYvYa3DX+v0Z+Dtb62P9eEtqmhT3ZmEmgXAyZ+6tllZWzyL7+g +uLBd4JBRpX3aXhYlQbGRvcfzcMtc/WbMt5+hami35V22lC48IXfCgMC1tfq7seF xKvoXiBezc6bpATqRLglUEBtXOUYpnyxz/vIzyMhxTb9NPfojpMFH0BSwyop5K02 iWjLwZWmDBLUJrft5UiSNTJs2mhVidMg8V/ryShzTN4Kmd9ZooXec4aLW7JXOs1T /xPesjeYR2VTLi++celDFi9wB3dA71ICD7OqmG90jacSnYlCGXbhu4DBK2Z6rULo CrN4VbTYmBcOgP6YvqKSLIT5NU6HFYaxLJZ/Vo6ZwTiR6cnM3MWSO+HG9LBBrQ77 YV/VmPQGRb6azlXXH+jpUzc/2bjsyR3tqtozSEEOP0IhfMnJXUs= =an4x -----END PGP SIGNATURE-----