-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Sep 2018 14:05:05 +0200
Source: libx11
Binary: libx11-6 libx11-6-udeb libx11-data libx11-dev libx11-xcb1 libx11-xcb-dev libx11-doc
Architecture: source amd64 all
Version: 2:1.6.4-3+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libx11-6   - X11 client-side library
 libx11-6-udeb - X11 client-side library (udeb)
 libx11-data - X11 client-side library
 libx11-dev - X11 client-side library (development headers)
 libx11-doc - X11 client-side library (development documentation)
 libx11-xcb-dev - Xlib/XCB interface library (development headers)
 libx11-xcb1 - Xlib/XCB interface library
Changes:
 libx11 (2:1.6.4-3+deb9u1) stretch; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
   * CVE-2018-14599:
     The functions XGetFontPath, XListExtensions, and XListFonts are
     vulnerable to an off-by-one override on malicious server responses.
   * CVE-2018-14600:
     The length value is interpreted as signed char on many systems
     (depending on default signedness of char), which can lead to an out of
     boundary write up to 128 bytes in front of the allocated storage, but
     limited to NUL byte(s).
   * CVE-2018-14598:
     If the server sends a reply in which even the first string would
     overflow the transmitted bytes, list[0] (or flist[0]) will be set to
     NULL and a count of 0 is returned. This may trigger a segmentation fault
     leading to a Denial of Service.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----