Accepted xorg-server 2:1.12.4-6+deb7u8 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 19 Nov 2017 20:27:35 +0100 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common Architecture: source all amd64 Version: 2:1.12.4-6+deb7u8 Distribution: wheezy-security Urgency: medium Maintainer: Debian X Strike Force Changed-By: Emilio Pozuelo Monfort Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xfbdev - Linux framebuffer device tiny X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server Changes: xorg-server (2:1.12.4-6+deb7u8) wheezy-security; urgency=medium . * Cherry-pick changes from the jessie branch: . * render: Fix out of boundary heap access * xkb: Escape non-printable characters correctly. * xkb: Handle xkb formated string output safely (CVE-2017-13723) * os: Make sure big requests have sufficient length. * Unvalidated lengths in - XFree86-VidModeExtension (CVE-2017-12180) - XFree86-DRI (CVE-2017-12182) - XFIXES (CVE-2017-12183) - XINERAMA (CVE-2017-12184) - MIT-SCREEN-SAVER (CVE-2017-12185) - RENDER (CVE-2017-12187) * Xi: Silence some tautological warnings * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624) Checksums-Sha1: cb1c7e9623708597074d89d1706f5d760544ea4e 4150 xorg-server_1.12.4-6+deb7u8.dsc c0e52b1496d427501a2f6b8fea50d040c75bbdb9 7528611 xorg-server_1.12.4.orig.tar.gz 8ca3f22ae49827d2edd71ed0f3d4a264cfbb5697 122972 xorg-server_1.12.4-6+deb7u8.diff.gz b644fe90941ca2c4c542f88abb7cc9ae0315ee08 1396928 xserver-common_1.12.4-6+deb7u8_all.deb 53a392d8f22160bc3e5216662b442a5738921134 1766776 xserver-xorg-core_1.12.4-6+deb7u8_amd64.deb d1cabfab7592bb5183948c521c0cae995c95dc67 867660 xserver-xorg-core-udeb_1.12.4-6+deb7u8_amd64.udeb df3d10d9cbe92fa9040bfb3c10a24b59835100aa 319032 xserver-xorg-dev_1.12.4-6+deb7u8_amd64.deb ae320a97d993dbfd3d193aeee354b67350073f8c 923874 xdmx_1.12.4-6+deb7u8_amd64.deb 4b7245eb24919fe634bf1e098697ecb064cf22e1 125724 xdmx-tools_1.12.4-6+deb7u8_amd64.deb dc841e6d2d661e261613ee37aada2ac25d9a2bb6 823980 xnest_1.12.4-6+deb7u8_amd64.deb 445e704de40b90ef60521714d1a306997daf9ac4 927522 xvfb_1.12.4-6+deb7u8_amd64.deb eb8eebdf1dc054362a12e8b8b292515bc9091237 1019122 xserver-xephyr_1.12.4-6+deb7u8_amd64.deb 4d47799a6aa7b0c77c1e2f4cbf2578bebc4ad115 941926 xserver-xfbdev_1.12.4-6+deb7u8_amd64.deb f19f7b0125abf2a8dd05414c733f29d0d86df3f4 7297644 xserver-xorg-core-dbg_1.12.4-6+deb7u8_amd64.deb Checksums-Sha256: 07fe1d73e34e2cad863fa734193f38b17a05a845e09b91dfa0754309ff1b3a97 4150 xorg-server_1.12.4-6+deb7u8.dsc d88225cd3c4a6ecd92d1360b34a0e5b6346e2a04c842c018cef36d8a370714ef 7528611 xorg-server_1.12.4.orig.tar.gz 97027bc840c8e14a4e819554ce3eda99f23168ff3007c01420e377d3b015f713 122972 xorg-server_1.12.4-6+deb7u8.diff.gz 3cc42a0e50b1a9e97edec402cb44c7006b6718f0d98f23294774fa15f774605c 1396928 xserver-common_1.12.4-6+deb7u8_all.deb 6a75f571c936310e1928e67fca3148b2ff8548bbcec0040551c0a3b795572b61 1766776 xserver-xorg-core_1.12.4-6+deb7u8_amd64.deb fb77214f8ae88bb3c6739b59e8abfa435ad7ba2e45fa04ccacd403a17d96746e 867660 xserver-xorg-core-udeb_1.12.4-6+deb7u8_amd64.udeb 662b1191232e19518bc2b0025a93e186c17f30f6ac4c674b991f8bdf0a9a1b8a 319032 xserver-xorg-dev_1.12.4-6+deb7u8_amd64.deb 32c60f277512932930597ec2f6a43653052dca724ce86952816bf64fe3b734c2 923874 xdmx_1.12.4-6+deb7u8_amd64.deb f4ac56da540eebcb7c2f92c133ec91fa064ded135b49140c23c815969e0ae970 125724 xdmx-tools_1.12.4-6+deb7u8_amd64.deb 9cdb1f1999765822621bb5117d5e0aa19132a51f8221f29fe674797ee305b4c0 823980 xnest_1.12.4-6+deb7u8_amd64.deb aac6478070f2b634205a4aa2ecab7038d8f6243f84d428f05312c78e7d5e9953 927522 xvfb_1.12.4-6+deb7u8_amd64.deb 91ab5be205b3f5bbb0be1117ef4cbde6de71091ee42847d523b81b2ac63e0919 1019122 xserver-xephyr_1.12.4-6+deb7u8_amd64.deb fee32b1d589e48a571aee4786b56f662f610bf753074205b172a828f003e9a6c 941926 xserver-xfbdev_1.12.4-6+deb7u8_amd64.deb 3f6737b1d4172a2b9b1762dbd15c17af97b8fe503afdc30e79b614e1d39f7397 7297644 xserver-xorg-core-dbg_1.12.4-6+deb7u8_amd64.deb Files: 85311ca8e6310861f511bcffdbb6b4b1 4150 x11 optional xorg-server_1.12.4-6+deb7u8.dsc 19c17bf7ac3e2ce34bc40108692c031f 7528611 x11 optional xorg-server_1.12.4.ori
Accepted sam2p 0.49.1-1+deb7u2 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 21 Nov 2017 23:10:38 +0100 Source: sam2p Binary: sam2p Architecture: source amd64 Version: 0.49.1-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Tanguy Ortolo Changed-By: Markus Koschany Description: sam2p - convert raster images to EPS, PDF, and other formats Changes: sam2p (0.49.1-1+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-16663: It was discovered that sam2p was affected by an integer overflow vulnerability with resultant heap-based buffer overflow in input-bmp.ci because width and height multiplications occur unsafely. This may lead to an application crash or unspecified other impact. Checksums-Sha1: cf78579b29eec9c55a9d5a66d0431eecf4c87abb 2070 sam2p_0.49.1-1+deb7u2.dsc ede333d5118ae17c8b89beced43d68a7baf33b2d 19760 sam2p_0.49.1-1+deb7u2.debian.tar.xz 4108e312e3555e608cc1ba5f1167b0f5fc095538 258138 sam2p_0.49.1-1+deb7u2_amd64.deb Checksums-Sha256: 2be2d237b57afee367a728d9ff5360d509af31ac5c382e50e1a413174d777c91 2070 sam2p_0.49.1-1+deb7u2.dsc b6897a9704c5451106cc905aa5984194406753fbcfa0f2bc71c4dd46c87ec97e 19760 sam2p_0.49.1-1+deb7u2.debian.tar.xz a17828b6cc4be32f7e5b81f94965aa37f9e29579bb0e654bf14f3784446b5ffc 258138 sam2p_0.49.1-1+deb7u2_amd64.deb Files: 806e25f0c8d400c2d5efd3c7aee56c49 2070 graphics optional sam2p_0.49.1-1+deb7u2.dsc facda6d7ea28f119d0cc6b645f370889 19760 graphics optional sam2p_0.49.1-1+deb7u2.debian.tar.xz 3641271f86b62f1bdaad22b56c895d08 258138 graphics optional sam2p_0.49.1-1+deb7u2_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloVvXxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk0+kP/jyuHjelAAnrHLwudkLSK1E1H7uPVlzjhg3e B8NXyTMV2CYUPjGOXOAxts/nhaBUZCrAH7q7zQK0plgbQoEdbefcMErmgRD2hEEi rEWjQHbZfisskparGs0lfjAuyg8MKAxZY/EOZ9qIH9ULgXQRSMntMPI4tJ+48QdZ 03xEOwVGJRuJqDVv5xYXQZSuLdy+JHSa6ZbDPuPd3U5jkzQbgFi1zYvZyivkPB6n tXfUiBGfs/5AddV9U9Qr3olIw/Hn+QiUuxrB5h4BdpSPAe9hs2Qu3iTsn8zbmjGj PmzhdAZ88pVbgtdM9aG2mEmFL8X+bWV5IH8MBos2pxFLuQBZ9n3jOK/LA9pc0RwR dFRGC1a7zB17wEH7YgBrrmjxNKRS7gepAttfpddQGciF1RxG9rfBlgNRrP+MbVWD YiCFV/T3vijm9zenBM+UFzbBogSKNyA0z4rBMf4Nd7hs5iDlxtBrv0HJwUa2Afpe hJIamZBmwDATU/vVt9+xwNLkV1QA8too8luYusEV8jmJLzyZiZfj9I1+FSjd9DnW 3nzNrcYgmauTNEBsWF0JrZfZOiw8SDfgeTwQr6EhhvPVOmiNrjhBqJGClaXEEqmx WZEVRjMfKg3WhAY2lPn3c4lA/4gXO0+qo5wiBYJJU7Lz+f6yPInatqYNiIBCBuy/ nfYEo78I =grOM -END PGP SIGNATURE-
