-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Oct 2023 11:01:59 +0200 Source: libx11 Architecture: source Version: 2:1.7.2-1+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Changes: libx11 (2:1.7.2-1+deb11u2) bullseye-security; urgency=medium . * CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() * CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() * CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow * XPutImage: clip images to maximum height & width allowed by protocol * XCreatePixmap: trigger BadValue error for out-of-range dimensions Checksums-Sha1: 020823fa90df3804a47ab1e0122303583fbe0c32 2600 libx11_1.7.2-1+deb11u2.dsc 670f1290da9c665539f0b2c48fe8f5abed2392df 82069 libx11_1.7.2-1+deb11u2.diff.gz Checksums-Sha256: 2e7312dd3780fb6bba6479d1a601aaf80a876771dbe15bcf99b3f35d813785eb 2600 libx11_1.7.2-1+deb11u2.dsc b32103fea010d9a931d7b00f6f8c2fc05acb3da0fb8a5e26f7c4aab12e07f81e 82069 libx11_1.7.2-1+deb11u2.diff.gz Files: a8aa9bf30f7df4db0297b027f801fda8 2600 x11 optional libx11_1.7.2-1+deb11u2.dsc 18bcd0bd4ced87a877a0200b01f8ad83 82069 x11 optional libx11_1.7.2-1+deb11u2.diff.gz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmUb2xoUHGpjcmlzdGF1 QGRlYmlhbi5vcmcACgkQnbAjVVb4z60xug//Va1z/CEMc8Pg6bjjNQDgDMgr1J/A wHxaRfEUEShpckmCHsMrd/mmNrePs3yy+1Sb9uuH/ybdt+1wW5eg2h8Bc9p74Drn BYolsVSUAvK43Re3t5dFXbGAfMrWJUFBlJs1J9ZYa+ONr77a6OKlyBgjfYg3PauH Kdyz8ZjE5geNr0CU+BiShCPSK5My9WPry8fyqVwVH/Peq1fX9eyUau/Y4tU8fdRL xZfF9oZdI6Tcm+xPkxJsj92Eg/9i4vCpLZ6wGxpuywkhzJGIo7R0qPxfhI7acL7b nrKz3aIe1ztwtZ72eJ1oQwKSdiy7yP8ND66l4x19eF9y43mwNutN0rcHZaLOXz1i s1z6AUBis9foLp5maMwD7eymF/PP144aq4rlG74dhURD9WAGm7cxxXgRm7QtoF7E jF1QEi3fHgFgC1LE/5NBxXTQt7+VDJtj/zdAuWdR4xnA2pMof5el+HKsQiQ+7FDc 64QkTrRbK0pMlDsa4D7fOBnvlk4lyZ5SKG1G1vbfFxqzyOhSRlq4rIAGv19t6e9s uA85Pm/CGCUxRkzSy2pezOStCkR0geVRrdDgVCdRmo5KhsJ76iXGXNvQ+hvDL5xm BYRZaznXpUCeH3bMMTC2iXMIL0u0K5/QlSC48KU97A8rVzCKTGwkGrb9NZSEG+VR wFHzgDA99p498oQ= =zQW6 -----END PGP SIGNATURE-----