-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 14 Feb 2004 13:44:41 -0500 Source: xfree86 Binary: xserver-common xlibs-dev xfs xfree86-common xfonts-pex x-window-system xlibmesa-dev xspecs xlibmesa3 xfonts-cyrillic xlibmesa3-dbg xserver-xfree86 xlibs-dbg libxaw6 libxaw7 xterm xvfb xfonts-scalable xfonts-75dpi xlib6g proxymngr libxaw6-dev xlibs-pic libdps1-dbg xlib6g-dev xfonts-base xutils libxaw7-dev xnest xlibs libxaw6-dbg xmh lbxproxy libxaw7-dbg xfonts-base-transcoded xbase-clients xprt xlibosmesa3 x-window-system-core xlibosmesa-dev twm xfwp xfonts-100dpi-transcoded xlibosmesa3-dbg xfonts-100dpi xdm libdps-dev xfonts-75dpi-transcoded libdps1 Architecture: arm Version: 4.1.0-16woody3 Distribution: stable-security Urgency: high Maintainer: Debian/ARM Build Daemon Changed-By: Branden Robinson Description: lbxproxy - Low Bandwidth X (LBX) proxy server libdps-dev - Display PostScript (DPS) client library development files libdps1 - Display PostScript (DPS) client library libdps1-dbg - Display PostScript (DPS) client library (unstripped) libxaw6 - X Athena widget set library (version 6) libxaw6-dbg - X Athena widget set library (version 6) (unstripped) libxaw6-dev - X Athena widget set library development files (version 6) libxaw7 - X Athena widget set library libxaw7-dbg - X Athena widget set library (unstripped) libxaw7-dev - X Athena widget set library development files proxymngr - X proxy services manager twm - Tab window manager x-window-system-core - X Window System core components xbase-clients - miscellaneous X clients xdm - X display manager xfs - X font server xfwp - X firewall proxy server xlibmesa-dev - XFree86 version of Mesa 3D graphics library development files xlibmesa3 - XFree86 version of Mesa 3D graphics library xlibmesa3-dbg - XFree86 version of Mesa 3D graphics library (unstripped) xlibs - X Window System client libraries xlibs-dbg - X Window System client libraries (unstripped) xlibs-dev - X Window System client library development files xlibs-pic - X Window System client extension library PIC archives xmh - X interface to the MH mail system xnest - nested X server xprt - X print server xserver-common - files and utilities common to all X servers xserver-xfree86 - the XFree86 X server xterm - X terminal emulator xutils - X Window System utility programs xvfb - virtual framebuffer X server Closes: 232378 Changes: xfree86 (4.1.0-16woody3) stable-security; urgency=high . * Security update release. Resolves the following issues: + CAN-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084. + CAN-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083. + CAN-2004-0106: Miscellaneous additional flaws in XFree86's handling of font files. . * Fix multiple buffer overflows and insufficiently rigorous input validation in the X11R6 fontfile library. (Closes: #232378) - debian/patches/075_SECURITY_libfontfile_vulnerabilities.diff Files: 50ef0b1963f370a6dae7106c54b554b6 145514 x11 optional lbxproxy_4.1.0-16woody3_arm.deb ba15b2866d0ce2c6ef53e1d220104ff6 179344 libs optional libdps1_4.1.0-16woody3_arm.deb 39dcedfadc5457c3df1c5be9a449e1db 444786 devel extra libdps1-dbg_4.1.0-16woody3_arm.deb 0a2e7ec03163b1ac48ddcb3c112f5b80 253408 devel optional libdps-dev_4.1.0-16woody3_arm.deb ff27274d84a843f33573c3e98780fb15 189156 libs optional libxaw6_4.1.0-16woody3_arm.deb 581160df2865aa6f3d484d2993963d80 378330 devel extra libxaw6-dbg_4.1.0-16woody3_arm.deb ad6eea6ae902cf8a8da69c499a74b46d 348882 devel extra libxaw6-dev_4.1.0-16woody3_arm.deb b608f9f5a94f2d3700c901bed3e46cba 241132 libs optional libxaw7_4.1.0-16woody3_arm.deb 1aa01715c540e2c8e1b75647677d5a89 491534 devel extra libxaw7-dbg_4.1.0-16woody3_arm.deb 532f7ed26edaa69fc5ce6791c4664278 348766 devel optional libxaw7-dev_4.1.0-16woody3_arm.deb e5d2d40da1a82c2c5a465a64ee1d1bb7 76848 x11 optional proxymngr_4.1.0-16woody3_arm.deb e35b21223a8175ca20337752aaf544ae 169406 x11 optional twm_4.1.0-16woody3_arm.deb 637e1f87f507300e108a47200a97ecc1 1624666 x11 optional xbase-clients_4.1.0-16woody3_arm.deb a0f2be8e600c5719815914902e5f8320 176004 x11 optional xdm_4.1.0-16woody3_arm.deb fc7406878bf6670431211d1989f321cb 325442 x11 optional xfs_4.1.0-16woody3_arm.deb 59c93b618eef92a7d30d1b3c3be51b98 82404 x11 optional xfwp_4.1.0-16woody3_arm.deb 494c01d992c33b555daf2fcd2e107bf4 352420 libs optional xlibmesa3_4.1.0-16woody3_arm.deb a7875518f73268b407ef31dd58504910 932656 devel extra xlibmesa3-dbg_4.1.0-16woody3_arm.deb 0b4615e516baf7f29a5cbeb9967259f8 607214 devel optional xlibmesa-dev_4.1.0-16woody3_arm.deb adbbf5c312c74ede40cd57433efeacd8 1315448 libs optional xlibs_4.1.0-16woody3_arm.deb 5ae240d172b40a9c3c7740e8af146dde 2757938 devel extra xlibs-dbg_4.1.0-16woody3_arm.deb d11c5b6ba53c93bac4ece82bfb6f838e 3092958 devel optional xlibs-dev_4.1.0-16woody3_arm.deb c57329ef4533fea7650bee62a78a3336 84890 devel optional xlibs-pic_4.1.0-16woody3_arm.deb 866710d6310076823f01ec059c8c40b5 133772 mail extra xmh_4.1.0-16woody3_arm.deb 722cd125551b8e431ffdac35801e51fc 1656394 x11 optional xnest_4.1.0-16woody3_arm.deb afcb03b999638193f7b2feda71c75a7e 1340506 x11 optional xprt_4.1.0-16woody3_arm.deb b0b98151943972d17c647ad2decbd1b9 219812 x11 optional xserver-common_4.1.0-16woody3_arm.deb 5032aa718b3407f89a6c9c9cf0f734de 4833036 x11 optional xserver-xfree86_4.1.0-16woody3_arm.deb b6f8580f8a68fe18720de0e088df286b 494966 x11 optional xterm_4.1.0-16woody3_arm.deb 18b9e56a3ca2d83f8584705dbdba1ad0 621638 x11 optional xutils_4.1.0-16woody3_arm.deb 9426dafcb7099dc1b2300270db6c7652 1787624 x11 optional xvfb_4.1.0-16woody3_arm.deb 70b3eff9de74afc0402d22828e207399 60662 x11 optional x-window-system-core_4.1.0-16woody3_arm.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAMXBzArxCt0PiXR4RAp9vAKClyvp20THa5re2V1icRcmuE4EKBQCfRAo5 NqLIjM95obt3iMfoQjMpJlo= =9FfS -----END PGP SIGNATURE-----