-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Oct 2017 13:36:12 +0200 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-common xorg-server-source xwayland xserver-xorg-legacy Architecture: source Version: 2:1.19.2-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xorg-server-source - Xorg X server - source files xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xserver-xorg-legacy - setuid root Xorg server wrapper xvfb - Virtual Framebuffer 'fake' X server xwayland - Xwayland X server Changes: xorg-server (2:1.19.2-1+deb9u2) stretch-security; urgency=high . * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) * Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (CVE-2017-12179) * Unvalidated lengths in - XFree86-VidModeExtension (CVE-2017-12180) - XFree86-DGA (CVE-2017-12181) - XFree86-DRI (CVE-2017-12182) - XFIXES (CVE-2017-12183) - XINERAMA (CVE-2017-12184 - MIT-SCREEN-SAVER (CVE-2017-12185 - X-Resource (CVE-2017-12186 - RENDER (CVE-2017-12187) * os: Make sure big requests have sufficient length. * Xext/shm: Validate shmseg resource id (CVE-2017-13721) * xkb: Handle xkb formated string output safely (CVE-2017-13723) * xkb: Escape non-printable characters correctly. * render: Fix out of boundary heap access Checksums-Sha1: ea1c920515730a6c90dc16c21174b8fb83246c08 4843 xorg-server_1.19.2-1+deb9u2.dsc c352c5a16c4ff5e8840a5bb638f5c9d04b6eec92 146613 xorg-server_1.19.2-1+deb9u2.diff.gz Checksums-Sha256: 1a12ad229b331a915b619c3f9efc5f73a60267c753ade0df1d7e2505598249a0 4843 xorg-server_1.19.2-1+deb9u2.dsc 75c8eb9f8ca229e024d41803ba145c563474eae12f0a7672c20e55d607cb233d 146613 xorg-server_1.19.2-1+deb9u2.diff.gz Files: 0ade69fde723a572b24eb707199087fa 4843 x11 optional xorg-server_1.19.2-1+deb9u2.dsc facde1eb6be2a640e313194b803a6b31 146613 x11 optional xorg-server_1.19.2-1+deb9u2.diff.gz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlnkYVsACgkQnbAjVVb4 z624qw//XDceshCyZY6XyGuMHpFpnGMeGNsZKlFU60Chw/vAGtGEnOauCmomovQZ PMI+aiG4mWMNbVUaj883tgX78c28X3+CjYu1XZ9E3GZ23bv4ir4Nd72oGVMeT9Ct wSql99ToRz3qjZcqcfr9cokvVmWXPJArZF5rOvyfVbTzxUj+oviHfDqBjyE08uhO ErjgZvXbzeJxbG3tOVxHJXiz6ntFaVskXZVxK8yBLdeWQMa3UB/d5iT4ANxGL1Ng MqEeJl98U2yWzsSKLnH8CDOBqtlgveBW+lrAKd2vSo1Itl17vj6vo4ObYSTcSF19 TVtbhGjv+QQlKT7nUvQbvD+6jDhdF+NYhFsIa7EVvmGDeroqcehvA4myijI495qj OD3QjhfAt0Z5NXGwznMCoHBmqYmHK0j0MSZLVQaF4+naIuUcHvpfmyNA+bVeFVdo 0t8DzGlVWo0TiBP7cxq2QgIY8N06ldl5pgDwABwIhytH6xVt8vNDn21zoG2n4PVT beOTHPK1DY+6rzxYlIJkhIy+E6uqzbSp/aU1HVRPAPHp7J8jMBXznWjrNvi/dG5g 7VTauE5WwggUcvqz/sk+OAu3WYIV9v6Ysj7enIl/T/eQ33oPWiI6+bL3WxjJsBrn OhpJ7wVhhwlkbQEQU6TsiGJd9iccRkaR+jAbUfbOKlWRhOK3WHo= =JH5V -----END PGP SIGNATURE-----