-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 10:52:32 +0200 Source: libx11 Architecture: source Version: 2:1.8.4-2+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Changes: libx11 (2:1.8.4-2+deb12u2) bookworm-security; urgency=high . * CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() * CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow * XPutImage: clip images to maximum height & width allowed by protocol * XCreatePixmap: trigger BadValue error for out-of-range dimensions Checksums-Sha1: 1cbbdebf35a10d416c61d6072c909ee77350aa37 2544 libx11_1.8.4-2+deb12u2.dsc a8d0767d6b802d61f1ad53e6338af9a9d3f012de 115499 libx11_1.8.4-2+deb12u2.diff.gz Checksums-Sha256: d7374ec568d895f9e5919ebdbd94301e2acb9e8b307a39ac8708082aa1757fa3 2544 libx11_1.8.4-2+deb12u2.dsc 3b3b43eabf8a58dda4442031652cc2294b50fe46129d6943937bf320d8a62243 115499 libx11_1.8.4-2+deb12u2.diff.gz Files: c0332532b34f98ba17dabb6df6d38dfc 2544 x11 optional libx11_1.8.4-2+deb12u2.dsc e0b0d65362402b86bb65060c2e08f80d 115499 x11 optional libx11_1.8.4-2+deb12u2.diff.gz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmUb1nIUHGpjcmlzdGF1 QGRlYmlhbi5vcmcACgkQnbAjVVb4z6142hAApofvezS0zpxr7etu4ddmkywOYBKP hNBaexwqag4uoDIRkKVJrZEifILRYyZDgX14svOpBlTfiTex8FQXDiCB68BpU0ky Ny2Yo9+LYMfwCEjuOSoV15TNfm0VSMSihntgmBZLN/Op00aNi1I35iiaXenjDN9A H50zdPv+zgOU5ROfkOhRyXYcfqdtxa0gZQ3kBlaEMhnos36wE2XHy8Vk2jDssKVk ceCCWRFX3l7GJo2bGK2F1vpXPjnMCZwzYvWWCkSakBPgZ7e3z66unDO704Yl34aw WXk/1pFwRFc9dDm9D1/dCubWaHsVNklxyij3lQH3GOw6y9A8MKJaKAx97JSSJezk 8EimlHNY3o5tckwFWkeG+BPmKDlIecxG7ZGUWERTSeDbQmEcb1S446yas2ao40Tn u6dcTRtZSKrcBr0PiDqauwOpn7ychhimjoK+mXTcp6xgycbfVGkUi1PsBAGedUbU 4BYnhIUGVgrj7hKFmMPuynb1FH9I7NIT5/XZSEvrdM66UUARhCguNeSdfBlP2aOQ k6LmppVhe8ktgxHyHz3+ky3JbEPiwQAwQba1FwX9lmGpBewi9wunB3OhVz8pH70W UAJ7tckH0wU5dm47YRO9DfOZ9b8dI/b73kbQ1ez77XZSwEI8EPA1SS/QimdVz2uC /BnoFFFjw9M/qvA= =Cozf -----END PGP SIGNATURE-----