-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 19 Nov 2017 20:27:35 +0100 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common Architecture: source all amd64 Version: 2:1.12.4-6+deb7u8 Distribution: wheezy-security Urgency: medium Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xfbdev - Linux framebuffer device tiny X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server Changes: xorg-server (2:1.12.4-6+deb7u8) wheezy-security; urgency=medium . * Cherry-pick changes from the jessie branch: . * render: Fix out of boundary heap access * xkb: Escape non-printable characters correctly. * xkb: Handle xkb formated string output safely (CVE-2017-13723) * os: Make sure big requests have sufficient length. * Unvalidated lengths in - XFree86-VidModeExtension (CVE-2017-12180) - XFree86-DRI (CVE-2017-12182) - XFIXES (CVE-2017-12183) - XINERAMA (CVE-2017-12184) - MIT-SCREEN-SAVER (CVE-2017-12185) - RENDER (CVE-2017-12187) * Xi: Silence some tautological warnings * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624) Checksums-Sha1: cb1c7e9623708597074d89d1706f5d760544ea4e 4150 xorg-server_1.12.4-6+deb7u8.dsc c0e52b1496d427501a2f6b8fea50d040c75bbdb9 7528611 xorg-server_1.12.4.orig.tar.gz 8ca3f22ae49827d2edd71ed0f3d4a264cfbb5697 122972 xorg-server_1.12.4-6+deb7u8.diff.gz b644fe90941ca2c4c542f88abb7cc9ae0315ee08 1396928 xserver-common_1.12.4-6+deb7u8_all.deb 53a392d8f22160bc3e5216662b442a5738921134 1766776 xserver-xorg-core_1.12.4-6+deb7u8_amd64.deb d1cabfab7592bb5183948c521c0cae995c95dc67 867660 xserver-xorg-core-udeb_1.12.4-6+deb7u8_amd64.udeb df3d10d9cbe92fa9040bfb3c10a24b59835100aa 319032 xserver-xorg-dev_1.12.4-6+deb7u8_amd64.deb ae320a97d993dbfd3d193aeee354b67350073f8c 923874 xdmx_1.12.4-6+deb7u8_amd64.deb 4b7245eb24919fe634bf1e098697ecb064cf22e1 125724 xdmx-tools_1.12.4-6+deb7u8_amd64.deb dc841e6d2d661e261613ee37aada2ac25d9a2bb6 823980 xnest_1.12.4-6+deb7u8_amd64.deb 445e704de40b90ef60521714d1a306997daf9ac4 927522 xvfb_1.12.4-6+deb7u8_amd64.deb eb8eebdf1dc054362a12e8b8b292515bc9091237 1019122 xserver-xephyr_1.12.4-6+deb7u8_amd64.deb 4d47799a6aa7b0c77c1e2f4cbf2578bebc4ad115 941926 xserver-xfbdev_1.12.4-6+deb7u8_amd64.deb f19f7b0125abf2a8dd05414c733f29d0d86df3f4 7297644 xserver-xorg-core-dbg_1.12.4-6+deb7u8_amd64.deb Checksums-Sha256: 07fe1d73e34e2cad863fa734193f38b17a05a845e09b91dfa0754309ff1b3a97 4150 xorg-server_1.12.4-6+deb7u8.dsc d88225cd3c4a6ecd92d1360b34a0e5b6346e2a04c842c018cef36d8a370714ef 7528611 xorg-server_1.12.4.orig.tar.gz 97027bc840c8e14a4e819554ce3eda99f23168ff3007c01420e377d3b015f713 122972 xorg-server_1.12.4-6+deb7u8.diff.gz 3cc42a0e50b1a9e97edec402cb44c7006b6718f0d98f23294774fa15f774605c 1396928 xserver-common_1.12.4-6+deb7u8_all.deb 6a75f571c936310e1928e67fca3148b2ff8548bbcec0040551c0a3b795572b61 1766776 xserver-xorg-core_1.12.4-6+deb7u8_amd64.deb fb77214f8ae88bb3c6739b59e8abfa435ad7ba2e45fa04ccacd403a17d96746e 867660 xserver-xorg-core-udeb_1.12.4-6+deb7u8_amd64.udeb 662b1191232e19518bc2b0025a93e186c17f30f6ac4c674b991f8bdf0a9a1b8a 319032 xserver-xorg-dev_1.12.4-6+deb7u8_amd64.deb 32c60f277512932930597ec2f6a43653052dca724ce86952816bf64fe3b734c2 923874 xdmx_1.12.4-6+deb7u8_amd64.deb f4ac56da540eebcb7c2f92c133ec91fa064ded135b49140c23c815969e0ae970 125724 xdmx-tools_1.12.4-6+deb7u8_amd64.deb 9cdb1f1999765822621bb5117d5e0aa19132a51f8221f29fe674797ee305b4c0 823980 xnest_1.12.4-6+deb7u8_amd64.deb aac6478070f2b634205a4aa2ecab7038d8f6243f84d428f05312c78e7d5e9953 927522 xvfb_1.12.4-6+deb7u8_amd64.deb 91ab5be205b3f5bbb0be1117ef4cbde6de71091ee42847d523b81b2ac63e0919 1019122 xserver-xephyr_1.12.4-6+deb7u8_amd64.deb fee32b1d589e48a571aee4786b56f662f610bf753074205b172a828f003e9a6c 941926 xserver-xfbdev_1.12.4-6+deb7u8_amd64.deb 3f6737b1d4172a2b9b1762dbd15c17af97b8fe503afdc30e79b614e1d39f7397 7297644 xserver-xorg-core-dbg_1.12.4-6+deb7u8_amd64.deb Files: 85311ca8e6310861f511bcffdbb6b4b1 4150 x11 optional xorg-server_1.12.4-6+deb7u8.dsc 19c17bf7ac3e2ce34bc40108692c031f 7528611 x11 optional xorg-server_1.12.4.orig.tar.gz 2fe56f34686374741b351d344c3a9ff5 122972 x11 optional xorg-server_1.12.4-6+deb7u8.diff.gz 036d3bf8907fbd34236681d5697e6ce8 1396928 x11 optional xserver-common_1.12.4-6+deb7u8_all.deb f7168db94ee96d3fb81aaf1d4c5818b6 1766776 x11 optional xserver-xorg-core_1.12.4-6+deb7u8_amd64.deb a4aff382ffdc47c8209eb7b15abf0c37 867660 debian-installer optional xserver-xorg-core-udeb_1.12.4-6+deb7u8_amd64.udeb fb3b8cd30ccbfec7aa350550f21f6c83 319032 x11 optional xserver-xorg-dev_1.12.4-6+deb7u8_amd64.deb e70c3804a3a2cedffcf6b69ea3f06a4e 923874 x11 optional xdmx_1.12.4-6+deb7u8_amd64.deb 3638839ed311e08993847d18336b3002 125724 x11 optional xdmx-tools_1.12.4-6+deb7u8_amd64.deb 5d4ba1b903c67e7658b4b44a038b9a11 823980 x11 optional xnest_1.12.4-6+deb7u8_amd64.deb 5a6963676f73d3fe4011509641373210 927522 x11 optional xvfb_1.12.4-6+deb7u8_amd64.deb 825a66f18aa85fdf122422fd28072d0d 1019122 x11 optional xserver-xephyr_1.12.4-6+deb7u8_amd64.deb 5aeedd24ff3e70cde17b3cd275d055f3 941926 x11 optional xserver-xfbdev_1.12.4-6+deb7u8_amd64.deb 322666b0214e0105d3aa4944d9334612 7297644 debug extra xserver-xorg-core-dbg_1.12.4-6+deb7u8_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAloV0rwACgkQnUbEiOQ2 gwKU5xAAhCTssbPwYtGemLCXNFF2AZRVZrRwvwC1TFmdZdAQ+7CKD6lXNAzbhzBA zp5tAin5gGKk3fkzO8LE8nJ2edo/Z8bzGWpKJCY3S9xiGpfpMbeV4sGg9cC2HObi N1kIJAQplEZnuxriwQ5lkZkz3QzwHEGGluKAQ7a/QDpikEXbMmq1baXOoYy63Gv2 HPZOaiO0cWUTC862o52BnW/AHITBjFDPOvaAnJhXlKFf4UR4hCiccS3A5Q2P6UY2 2FdZHqDH5XLR2PETaye45yLBDTRO3cVY4UHYavFN3JBQgbr3sC4LMZUP5hJUmdlq yUCJdZmWyp2F9VnVihKkiGEdF7LVB4cdAhzNGU8NIg3veR16ixW+8sIyPyBDjmCl 2EnXALNQBffPH9e2G4Go5GeG/KZmfRyjPWGXfH4TMZeTQLfokcUeQO1Rw6V+aXg7 DYUZbugZffYVsyFpT6JHHtIdJzDtOQlXF39/E9DblBx+SyiX0ij+9Qg+OhiqlvqA pfj1uICP1qtS6w9nzjLJgKsLdVvR0ca7Xda/raQsKLqpbIM2qBTO6CmacQTHIMnT uMwntmo8zb1rNZayQQJ1Vmd6Ia53aGEft85Tfh1kdsj/iUH0nHCndus8PWxkVUD6 RdKaeAaagoBIuAYiDptXSnkiRAKW3lNxGtGQgKm1uc4LJCBVeYA= =yGS5 -----END PGP SIGNATURE-----