Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted libxpm 1:3.5.12-0+deb8u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Sat, 28 Jan 2017 12:32:09 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Jan 2017 21:19:49 +0100
Source: libxpm
Binary: libxpm4 libxpm4-dbg libxpm-dev xpmutils
Architecture: source
Version: 1:3.5.12-0+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libxpm-dev - X11 pixmap library (development headers)
 libxpm4    - X11 pixmap library
 libxpm4-dbg - X11 pixmap library (debug package)
 xpmutils   - X11 pixmap utilities
Changes:
 libxpm (1:3.5.12-0+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * New upstream version 3.5.12
     - Fix abs() usage
     - Fix out out boundary read on unknown colors
     - Gracefully handle EOF while parsing files
     - Avoid OOB write when handling malicious XPM files (CVE-2016-10164)
     - Handle size_t in file/buffer length
Checksums-Sha1: 
 696b7bc1cc78dae8973097c6ad94870a8529423e 2309 libxpm_3.5.12-0+deb8u1.dsc
 c837dfca61080a40031a3d9a83ea284acb619ab7 529302 libxpm_3.5.12.orig.tar.gz
 c84e5f5c356a5c9a7947e1b2b984ae1704dda21a 15312 libxpm_3.5.12-0+deb8u1.diff.gz
Checksums-Sha256: 
 e7e77c196f043ab06cf27cfce298aa8e9692bbf4976552e3a4571dc99a982c56 2309 libxpm_3.5.12-0+deb8u1.dsc
 2523acc780eac01db5163267b36f5b94374bfb0de26fc0b5a7bee76649fd8501 529302 libxpm_3.5.12.orig.tar.gz
 398d880297c9082a88507f41f19dde5aaf55fac973d55053a746e018ac260b1e 15312 libxpm_3.5.12-0+deb8u1.diff.gz
Files: 
 2106af0419aeac0c5377767b493f93c3 2309 x11 optional libxpm_3.5.12-0+deb8u1.dsc
 b286c884b11b5a0b4371175c5327141f 529302 x11 optional libxpm_3.5.12.orig.tar.gz
 e9a801ece71c62f1734c34755bda2cf1 15312 x11 optional libxpm_3.5.12-0+deb8u1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAliJDfpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EWNsP/0Y5xs05ZMLDGnvhNtAPnsbuzK9/z2ds
g4KgZHFuJ8eQrc9+e7sFp1T/1DXQK9cW6urZKT8R5vzjyiBm0y9n5D5mteKA3gR3
v5+JVwrYBYdQoG1zw1hVlGMxOTOKLSklsu2W7JFFqsAP5jgRDjmBa4dFGH6wP+4i
5XUai2zwm6zRdnYK3YPdiIDQAcfPulJ6oLSfwnBGbDZV7mViw8GOtd2L6F7y1flR
yJNmSH6Pv5tYbUptBqh7Aytn8/mxuB854+cxsBCkK4PzhNzU4Vprn9ZLopEbg8Y6
ZCRmHQKd3Y5GywR0pXsOFKOn0baW3kAuUp69T0x67qFNkwc2Y2v8YzokXzjh8wSP
V0CADn/+yX2SEcE60OWAgnnGayD3yVNPo5ki72SuaaH2Gbiova4KF2/HBMU5HaAN
gsAeZDUvJt4iSJXpNI8MDoZMTYd1fi2YyvAaKkxp9CcMncPSqJc+OzpdZUz8/SHf
ngrF51JPxOHsVp34MY/SzBv6tMEZq4nYwpSz7ezcwPKa7FWZOYG5eFUJDfZKnETn
MoWpTcehoCtKuKHR0JiCjDaNjT4qeNWntJmr9eMe0RVmItBRwPhNm7nkCkTwyI2R
6bGEOJd6W0j4pzSuCmmHlBdISxdZloiwwzrCqU65zxVnWeAbcj+WlbdeoZueDnH4
UTJI1HN18EDD
=/xjY
-----END PGP SIGNATURE-----
News for package libxpm
