-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:59:05 +0200 Source: libxpm Binary: libxpm-dev libxpm4 libxpm4-dbgsym xpmutils xpmutils-dbgsym Architecture: armhf Version: 1:3.5.12-1.1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Julien Cristau Description: libxpm-dev - X11 pixmap library (development headers) libxpm4 - X11 pixmap library xpmutils - X11 pixmap utilities Changes: libxpm (1:3.5.12-1.1+deb12u1) bookworm-security; urgency=high . * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() * CVE-2023-43789: out of bounds read on XPM with corrupted colormap * Avoid CVE-2023-43786: stack exhaustion in XPutImage() * Avoid CVE-2023-43787 (integer overflow in XCreateImage) Checksums-Sha1: c68682c53348e53ac56133bba5de472ec66828de 98256 libxpm-dev_3.5.12-1.1+deb12u1_armhf.deb 33955b60f29a644700a9df498a85935a5a65d547 102336 libxpm4-dbgsym_3.5.12-1.1+deb12u1_armhf.deb 3e0b77794edb9546f79c9510e5a0dc8d0ef7b260 42444 libxpm4_3.5.12-1.1+deb12u1_armhf.deb 59eb687db9a15a52510c151c6235885a2b4a2a89 7618 libxpm_3.5.12-1.1+deb12u1_armhf-buildd.buildinfo 8f446feb335343d2011376c2b1496f53c59c34d2 54788 xpmutils-dbgsym_3.5.12-1.1+deb12u1_armhf.deb e1bf9ce09d6dcf3943e31113c0f78e718b9bc544 35160 xpmutils_3.5.12-1.1+deb12u1_armhf.deb Checksums-Sha256: 9527ac532ab3175171145c36179af9bf1915dabf87091d1aa2f9118dff8d92d2 98256 libxpm-dev_3.5.12-1.1+deb12u1_armhf.deb 1f4511cc8dd0212992cda6b3ac3fb16be1ca609e8b1803c0c16dcff740df6cee 102336 libxpm4-dbgsym_3.5.12-1.1+deb12u1_armhf.deb bf19fef151549ac4bbad738dbad4c561a9382c82be91302d4277585a51f332b7 42444 libxpm4_3.5.12-1.1+deb12u1_armhf.deb 2f58c0373dae3321f2d768b527563533d1e8e883628b909a81afac1293ab74f5 7618 libxpm_3.5.12-1.1+deb12u1_armhf-buildd.buildinfo 23596d13735c6d08b64dfea7ac397f1f0235e1c7335412f05cf6ab1d73b3556f 54788 xpmutils-dbgsym_3.5.12-1.1+deb12u1_armhf.deb 18ff62eda602cf5b35f6c831c383efd28fb5624b32af243ede139995995ca093 35160 xpmutils_3.5.12-1.1+deb12u1_armhf.deb Files: 690296f892ebe0f38639d92b5b3dc156 98256 libdevel optional libxpm-dev_3.5.12-1.1+deb12u1_armhf.deb 59e45985fc767c5a68721a668cc6d50a 102336 debug optional libxpm4-dbgsym_3.5.12-1.1+deb12u1_armhf.deb d1b5fc8003039a26569c099b99114ba0 42444 libs optional libxpm4_3.5.12-1.1+deb12u1_armhf.deb 874385cd501e7c094f6c783d160f6bde 7618 x11 optional libxpm_3.5.12-1.1+deb12u1_armhf-buildd.buildinfo f790b6bd1b33e2542a079911323ef602 54788 debug optional xpmutils-dbgsym_3.5.12-1.1+deb12u1_armhf.deb 32632c1a9318a049f03c55fe8aca8d33 35160 x11 optional xpmutils_3.5.12-1.1+deb12u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEU5Ohx66NeEdc9V4jWTHLDRjMKsQFAmUb6zsACgkQWTHLDRjM KsRcNRAAyXNnA+oET7o7GGHIovtALuqtDXLUejs2hg0Ox65s8cN8jvm7pxObUX4k Fs4ObYdsb5MCLXfcNF6/VvdcxFDGXn4/wQ/wpU+U+ijNwLhdTG7EV+6jZDGk7l8a WThyQY3NYRahwkGmZ9EP+KOgmOub8FAByRTuqMwttmHd0hkoQl6nLxKA/Okk761g L3BIgaPnZNo3LcpI/kzU7bNlj/5ra6AeQ+O7bMnyV/sgY2f1NY0q11C+312GgxvH YwyCgi0pXx5Virm2+M/b3Cnc9VB2ZN3RROT2FJO6LF9RbhQ123ooTgAH0ybgc3bW Yvww7ori+9tSoPHYXZgddh9USU+LNGaFGLNfDzQ+zn5CNa2De6PPPe8Si12ZDgmI u8SiM55rdm9/K0gXdtcAx8MqSVEDX8jCUPw/f6iFO9wjlRu2J5DTlpF6KH1wvQ/L mSiKSmHZhRL10W7msqcc7kIbcCvUkh1nUVkh0/twr544b/MAuQqWKaKsvOrgQRCS D3bJL/4upf/+HLcDe7XcPOlCIYXN4/XIyvgqKEe3KCjcQd7Xcd8veAX6hImxxLDY PuI2y67u+zlnyQqQX9UAFuDBEv9XpkVluKMdrYgrhdA48KlmJfT2JZuAJxTszhzC 3iflpexBpOxVbiCW83bTUGSwx8qxhrgzmG6w2xpCOXc80zV7ZdY= =XNoe -----END PGP SIGNATURE-----