-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 09 Dec 2014 22:04:20 +0100 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xorg-core-dbg xserver-common xorg-server-source xwayland Architecture: source all Version: 2:1.16.2.901-1 Distribution: sid Urgency: medium Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xorg-server-source - Xorg X server - source files xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server xwayland - Xwayland X server Closes: 752156 Changes: xorg-server (2:1.16.2.901-1) unstable; urgency=medium . * New upstream release + fb: Fix Bresenham algorithms for commonly used small segments + denial of service due to unchecked malloc in client authentication [CVE-2014-8091] + integer overflows calculating memory needs for requests [CVE-2014-8092, CVE-2014-8093, CVE-2014-8094] + out of bounds access due to not validating length or offset values in requests [CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103] See http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ * Drop 06_Revert-fb-reorder-Bresenham-error-correction-to-avoi.diff, obsoleted by the upstream fix (closes: #752156) * 09_Xserver-man-iglx.diff: adjust Xserver man page, we disable indirect glx contexts by default. Checksums-Sha1: b4fab583ca3c6f87549e91f8a8fea67a78d95660 4698 xorg-server_1.16.2.901-1.dsc 7721e30102f6a95740998c5994aaf1440af0a751 8119705 xorg-server_1.16.2.901.orig.tar.gz 73667248ad44ecdc223d3f6c8760c18f3739b5d0 105554 xorg-server_1.16.2.901-1.diff.gz 7f49b85ca43ba23b12d2749e0284a72dbf7d36b8 1755218 xserver-common_1.16.2.901-1_all.deb efc411e2eed7502fec29f73cccbc9c77f53913d2 6456530 xorg-server-source_1.16.2.901-1_all.deb Checksums-Sha256: dac068906f5be37f9fde35469ea9559605d55b4919d5be5aa9e4dd69ba01ce40 4698 xorg-server_1.16.2.901-1.dsc f54ed6143323ac39af6dff041ce2f47dce24c01c1b80092b8a6d0ca10817fd81 8119705 xorg-server_1.16.2.901.orig.tar.gz 2a276ee12ff1bd8b2e3dfbc34348e1a126fc6a44e2cff7364d5186e45c08ee11 105554 xorg-server_1.16.2.901-1.diff.gz 8e788d11dc243004d44294893e1b9d8c63644d5f2fda6b2ab64d91d79e635c4f 1755218 xserver-common_1.16.2.901-1_all.deb 5037b797746367c85047f34a8d2439f55d065fb15172690fc8e14ce9f7fb223c 6456530 xorg-server-source_1.16.2.901-1_all.deb Files: 30c376ac183a38c1ee5d5ee71e458b9d 4698 x11 optional xorg-server_1.16.2.901-1.dsc b2d2353f0288be8fa79f7570972f010b 8119705 x11 optional xorg-server_1.16.2.901.orig.tar.gz 54b66c77d17e8b1075ad14f86ed9b436 105554 x11 optional xorg-server_1.16.2.901-1.diff.gz 5fb5559b6d3d5a4ef715c72b4a84fee9 1755218 x11 optional xserver-common_1.16.2.901-1_all.deb 632842e28b397a4a032ea7b6f3e4a6de 6456530 x11 optional xorg-server-source_1.16.2.901-1_all.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUh2mGAAoJEDEBgAUJBeQMVJEP/05zGS6x7R1y9FHDquiu87rU a+F4M5CFjDIcHo1+DyX5TC2L0WiYopnAVsqyI9Wo8c40Tv0362H20r7gyLEbp47F kVfKAqx+KT2V/C+ysV1AQoagdB9rwpqAfPv55IN89OsxGUF/rUO9POSFi0tZ9IxT sjNh0giiUUUPCz/Qy/FA9FACr+HST8nvIq4SCdLKxeBgbSoFEbJ3aUW4HPaXb+sq eL8239A+1Lj1Hn/tW3NGMk1ZIe2OK5OO2eyHyA1UDg/BEdCYGR2lNqeNs6gmSdKA wzYZVQqKOZRaL0linqKHA14xsQPP4ASpmwQcu8CZ6624IAHIwUa57gvaWCz1m5Vg JyqQj+CmMqPaFSPi1y3qUKxTq1AM2E6wt9taZ42iociriF2umeY6BaxiHCV5EQeA fRTbEvWMFthQBteR1BRy+174Z1sB7OOelc9uQAd6KVdYGJVUPMFnbpM9xBCObtGe uQzGTaqMHsAlimWBOaAqo5aoLsvBiYOqcx0XHTjL7YxRPUmf4gAco+YYGgBEPHr4 hsboUhkuJLiCrjtC4WkjLRIBzeyz30960rVg6rpbJqC1+7ien6VN/ss/m/RVqY0I cqhBSSt9K2DfxXM/H4UHpR4adJkux7vsnVdbWaBvykXEccvWz68TXJCq2+xpJwm2 0NpbjEzVGFuvG/Y8h4ba =A5xh -----END PGP SIGNATURE-----