-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.6 Date: Wed, 7 Feb 2001 18:26:18 -0500 Source: xfree86v3 Binary: xserver-svga xserver-p9000 xserver-mach8 xlib6 xserver-8514 xext xserver-s3 xserver-mach32 xlib6-altdev xserver-common-v3 xserver-agx Architecture: source i386 Version: 3.3.6-31 Distribution: unstable Urgency: high Maintainer: Branden Robinson <branden@debian.org> Description: xext - extensions to XFree86 3.x servers xlib6 - shared libraries required by libc5 X clients xlib6-altdev - include files and libraries for libc5 X client development xserver-8514 - X server for ATI 8514/A-based graphics cards xserver-agx - X server for IBM XGA and IIT AGX-based graphics cards xserver-common-v3 - files and utilities common to XFree86 3.x X servers xserver-mach32 - X server for ATI Mach32-based graphics cards xserver-mach8 - X server for ATI Mach8-based graphics cards xserver-p9000 - X server for Weitek P9000-based graphics cards xserver-s3 - X server for S3 chipset-based graphics cards xserver-svga - X server for SVGA graphics cards Changes: xfree86v3 (3.3.6-31) unstable; urgency=HIGH . * upstream fix #09: security issues - fix for XC-SECURITY denial-of-service attack - fix for potential stack smash in Xlib's _XAsyncReply() - fix for insecure tempfile handling in Xaw's AsciiSrc and MultiSrc widgets - fix for insecure tempfile handling in imake's glibc detection - fix for insecure tempfile handling in imake's manpage install rules * patch #052: Xlib's OpenDis.c file from XFree86 4.0.2, which addresses several security issues caused by bogus protocol replies from rogue X servers: - fix for denial-of-service attack caused by a resource mask of zero - fix for potential stack smash caused by oversized vendor string length - fix for potential stack smash caused by nonsensical setup length - fix for potential stack smash caused by deceptive number of items in reply Note that Debian already had patches to fix the above 4 problems (since 3.3.6-11potato15 and 3.3.6-15). * patch #065: removed; obsoleted by new patch #052 * debian/xserver/config: - change occurences of "xserver-xfree86" in template names to "shared/xfree86v3", D'OH! (thanks, Jeff Licquia) - major workaround for debconf 0.3.83's shared template handling (thanks, Jeff Licquia) - add readlink() function, and ask question about clobbering the symlink to the default X server * debian/xserver/postinst: - only change X server symlink if the default X server was not autoselected by debconf itself, in the case where the shared template has only one value (thanks, Jeff Licquia) - if the /etc/X11/X symlink points to the X server wrapper, remove the symlink, since this would cause an infinite loop - tell people when we write the X server config file Files: ce1aab0d0914d64735e6fe0a0b378219 797 x11 optional xfree86v3_3.3.6-31.dsc ee4e1ccdac16291011a3a152c17b9039 697401 x11 optional xfree86v3_3.3.6-31.diff.gz 1642392c9a3e4321612c100d22535ca3 795798 oldlibs optional xlib6_3.3.6-31_i386.deb a89dc61134d05b761d7543b68101a75a 1317004 oldlibs optional xlib6-altdev_3.3.6-31_i386.deb 59eb745ad8a4c5f1e26c0aeea0a5b68f 480114 x11 optional xext_3.3.6-31_i386.deb 02c3356a43b98d63a6c0dde9f3204d57 321580 x11 optional xserver-common-v3_3.3.6-31_i386.deb 2045ed7ab29ba06c3b16ec879c27a9b1 747692 x11 optional xserver-8514_3.3.6-31_i386.deb 0fe89bed4eeb52e6a7b94110d89787f0 822290 x11 optional xserver-agx_3.3.6-31_i386.deb c4293b3444d3a14b85f88fd4eaceed2d 809566 x11 optional xserver-mach32_3.3.6-31_i386.deb 7e5da5f7a3b1d66fa5f16f778bc0d978 751508 x11 optional xserver-mach8_3.3.6-31_i386.deb 2be63f621a7a51590b9742de770f99f5 830530 x11 optional xserver-p9000_3.3.6-31_i386.deb 71bbe9b4f3bd33815a895a83d4ef4776 1013740 x11 optional xserver-s3_3.3.6-31_i386.deb e9a18266e9e936bc2fb04c33ac5aad49 1344194 x11 optional xserver-svga_3.3.6-31_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjqC52AACgkQ6kxmHytGonwwHQCeJrJDxsIvCsRirYwkj77IC5y/ KeUAn3H3ueuLKyQ5xPxMUl4jwcGFJz/P =qZYN -----END PGP SIGNATURE----- Installed: xserver-svga_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-svga_3.3.6-31_i386.deb xserver-agx_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-agx_3.3.6-31_i386.deb xserver-mach32_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-mach32_3.3.6-31_i386.deb xlib6-altdev_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xlib6-altdev_3.3.6-31_i386.deb xlib6_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xlib6_3.3.6-31_i386.deb xserver-s3_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-s3_3.3.6-31_i386.deb xfree86v3_3.3.6-31.dsc to pool/main/x/xfree86v3/xfree86v3_3.3.6-31.dsc xserver-p9000_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-p9000_3.3.6-31_i386.deb xext_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xext_3.3.6-31_i386.deb xserver-common-v3_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-common-v3_3.3.6-31_i386.deb xserver-mach8_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-mach8_3.3.6-31_i386.deb xfree86v3_3.3.6-31.diff.gz to pool/main/x/xfree86v3/xfree86v3_3.3.6-31.diff.gz xserver-8514_3.3.6-31_i386.deb to pool/main/x/xfree86v3/xserver-8514_3.3.6-31_i386.deb