-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 02 Oct 2007 20:21:48 +0200
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.1-7
Distribution: stable-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
 xfs - X font server
Changes:
 xfs (1:1.0.1-7) stable-security; urgency=high
 .
   * Security upload.
   * Fix several vulnerabilities (CVE-2007-4568):
     The QueryXBitmaps and QueryXExtents protocol requests suffer from lack
     of validation of their 'length' parameters. Maliciously crafted requests
     can either cause two different problems with both requests:
     + An integer overflow in the computation of the size of a dynamic buffer
       can lead to a heap overflow in the build_range() function.
     + An arbitrary number of bytes on the heap can be swapped by the
       swap_char2b() function.
   * See upstream security advisory:
     http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
Files:
 6090b1b5d0c40f41cf8466d4be26c86c 794 x11 optional xfs_1.0.1-7.dsc
 47090deff75f0478f865e79b88e22ce6 29837 x11 optional xfs_1.0.1-7.diff.gz
 3d4296688c5a823219dc42f8de0a2675 57298 x11 optional xfs_1.0.1-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHBev3mEvTgKxfcAwRAix3AKCo8BvlazYgW7J8pVXeOZ23zl2DnwCff9cg
BFR+FBEOp1RQpVDZQApvhls=
=9fxF
-----END PGP SIGNATURE-----


Accepted:
xfs_1.0.1-7.diff.gz
  to pool/main/x/xfs/xfs_1.0.1-7.diff.gz
xfs_1.0.1-7.dsc
  to pool/main/x/xfs/xfs_1.0.1-7.dsc
xfs_1.0.1-7_i386.deb
  to pool/main/x/xfs/xfs_1.0.1-7_i386.deb
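
The two problems named in the changelog share one root cause: a client-declared count is used before it is checked against the bytes the request really carries. The C sketch below is an added illustration of that check, not code from xfs or from the upstream patch; the request layout and every demo_* name are hypothetical and simplified.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified request layout (NOT the real xfs wire structs):
 * an 8-byte header followed by num_ranges two-byte character codes. */
#define DEMO_HDR_BYTES 8u
enum { DEMO_OK = 0, DEMO_BAD_LENGTH = -1 };

typedef struct {
    uint16_t length;     /* client-declared request size, in 4-byte units */
    uint32_t num_ranges; /* client-declared count of 2-byte entries */
} demo_req;

/* Unchecked pattern: the 32-bit product wraps, so a huge count
 * yields a tiny buffer size. Shown only to make the wrap visible. */
uint32_t demo_unchecked_size(uint32_t num_ranges)
{
    return num_ranges * 2u;
}

/* Checked pattern: bound the count by the bytes actually received,
 * dividing rather than multiplying so nothing can wrap. */
int demo_payload_bytes(const demo_req *r, size_t received, size_t *out)
{
    size_t declared = (size_t)r->length * 4u;
    if (declared < DEMO_HDR_BYTES || declared > received)
        return DEMO_BAD_LENGTH;
    if (r->num_ranges > (declared - DEMO_HDR_BYTES) / 2u)
        return DEMO_BAD_LENGTH;
    *out = (size_t)r->num_ranges * 2u;
    return DEMO_OK;
}

/* Byte-swap the entries only after the count has been bounded. */
int demo_swap_entries(const demo_req *r, unsigned char *payload, size_t received)
{
    size_t n;
    int rc = demo_payload_bytes(r, received, &n);
    if (rc != DEMO_OK)
        return rc;
    for (size_t i = 0; i < n; i += 2) {
        unsigned char t = payload[i];
        payload[i] = payload[i + 1];
        payload[i + 1] = t;
    }
    return DEMO_OK;
}
```

A request whose count does not fit its own length is rejected before any allocation or swap, which closes both paths at the same point.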