-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 14 Feb 2004 13:44:41 -0500 Source: xfree86 Binary: xserver-common xlibs-dev xfs xfree86-common xfonts-pex x-window-system xlibmesa-dev xspecs xlibmesa3 xfonts-cyrillic xlibmesa3-dbg xserver-xfree86 xlibs-dbg libxaw6 libxaw7 xterm xvfb xfonts-scalable xfonts-75dpi xlib6g proxymngr libxaw6-dev xlibs-pic libdps1-dbg xlib6g-dev xfonts-base xutils libxaw7-dev xnest xlibs libxaw6-dbg xmh lbxproxy libxaw7-dbg xfonts-base-transcoded xbase-clients xprt xlibosmesa3 x-window-system-core xlibosmesa-dev twm xfwp xfonts-100dpi-transcoded xlibosmesa3-dbg xfonts-100dpi xdm libdps-dev xfonts-75dpi-transcoded libdps1 Architecture: hppa Version: 4.1.0-16woody3 Distribution: stable-security Urgency: high Maintainer: Debian/HPPA non-US Build Daemon Changed-By: Branden Robinson Description: lbxproxy - Low Bandwidth X (LBX) proxy server libdps-dev - Display PostScript (DPS) client library development files libdps1 - Display PostScript (DPS) client library libdps1-dbg - Display PostScript (DPS) client library (unstripped) libxaw6 - X Athena widget set library (version 6) libxaw6-dbg - X Athena widget set library (version 6) (unstripped) libxaw6-dev - X Athena widget set library development files (version 6) libxaw7 - X Athena widget set library libxaw7-dbg - X Athena widget set library (unstripped) libxaw7-dev - X Athena widget set library development files proxymngr - X proxy services manager twm - Tab window manager x-window-system-core - X Window System core components xbase-clients - miscellaneous X clients xdm - X display manager xfs - X font server xfwp - X firewall proxy server xlibmesa-dev - XFree86 version of Mesa 3D graphics library development files xlibmesa3 - XFree86 version of Mesa 3D graphics library xlibmesa3-dbg - XFree86 version of Mesa 3D graphics library (unstripped) xlibs - X Window System client libraries xlibs-dbg - X Window System client libraries (unstripped) xlibs-dev - X Window System client library development files xlibs-pic - X Window System client extension library PIC archives xmh - X interface to the MH mail system xnest - nested X server xprt - X print server xserver-common - files and utilities common to all X servers xserver-xfree86 - the XFree86 X server xterm - X terminal emulator xutils - X Window System utility programs xvfb - virtual framebuffer X server Closes: 232378 Changes: xfree86 (4.1.0-16woody3) stable-security; urgency=high . * Security update release. Resolves the following issues: + CAN-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084. + CAN-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083. + CAN-2004-0106: Miscellaneous additional flaws in XFree86's handling of font files. . * Fix multiple buffer overflows and insufficiently rigorous input validation in the X11R6 fontfile library. (Closes: #232378) - debian/patches/075_SECURITY_libfontfile_vulnerabilities.diff Files: 9dee055000d8cb78e8b72d5844d6a8e6 154782 x11 optional lbxproxy_4.1.0-16woody3_hppa.deb 8ab42e012af7ac8a6846339a9d81d4c3 202694 libs optional libdps1_4.1.0-16woody3_hppa.deb bea5c3172b096fb01e2a3f9f03d821cf 489140 devel extra libdps1-dbg_4.1.0-16woody3_hppa.deb 7e504ab679b79a1cb1eeab83c3c6177a 278692 devel optional libdps-dev_4.1.0-16woody3_hppa.deb b300c964460a5b987aa370d457b59128 204200 libs optional libxaw6_4.1.0-16woody3_hppa.deb 8428f8a66438302ab2483e353f7c7d41 398060 devel extra libxaw6-dbg_4.1.0-16woody3_hppa.deb 7e2e71e1fe5a421d9fa456da4caf8ed8 358712 devel extra libxaw6-dev_4.1.0-16woody3_hppa.deb 2c8c69cc302ff839d21ab622a18b9d60 264616 libs optional libxaw7_4.1.0-16woody3_hppa.deb 6c773d7c77ac8bb532d32e5b361238b1 517704 devel extra libxaw7-dbg_4.1.0-16woody3_hppa.deb 62700099e7514940da8728e0f71bd788 358600 devel optional libxaw7-dev_4.1.0-16woody3_hppa.deb efbd89540b3c8fb4350c911b124e91b2 78786 x11 optional proxymngr_4.1.0-16woody3_hppa.deb 4d291580135a8a96da518727e9d4b1af 172682 x11 optional twm_4.1.0-16woody3_hppa.deb 1c24ffc417dd5a8a764ed45c32213e6c 1700106 x11 optional xbase-clients_4.1.0-16woody3_hppa.deb a7c1bb5aa2992c50b11dbc4000260002 181330 x11 optional xdm_4.1.0-16woody3_hppa.deb a40b55fd748c80a0dba45b860967bb1f 338810 x11 optional xfs_4.1.0-16woody3_hppa.deb ee5d9bf0cfc5ef859139020a6c567892 83824 x11 optional xfwp_4.1.0-16woody3_hppa.deb 4ae4d6af4717c9e7e5379858d45155f5 434948 libs optional xlibmesa3_4.1.0-16woody3_hppa.deb 126d853388284738a8f84af621b4f322 995840 devel extra xlibmesa3-dbg_4.1.0-16woody3_hppa.deb 1fb2717e21c515b62337c0abdc534ea3 681798 devel optional xlibmesa-dev_4.1.0-16woody3_hppa.deb b878e78f0e51049cf13946e0bb8010ab 1457044 libs optional xlibs_4.1.0-16woody3_hppa.deb b2517ca97aeec23eab04810a53734777 2977882 devel extra xlibs-dbg_4.1.0-16woody3_hppa.deb b15a539209f4aa7602e7af77e10c343b 3192312 devel optional xlibs-dev_4.1.0-16woody3_hppa.deb 95399c1735af07bc1bf730de614aeed9 81332 devel optional xlibs-pic_4.1.0-16woody3_hppa.deb a6dbc84ce39bce1d892eaf4c5f9aac7a 138080 mail extra xmh_4.1.0-16woody3_hppa.deb b25df0e0234963930570aa5b5401fe0c 1924108 x11 optional xnest_4.1.0-16woody3_hppa.deb f66ce5c6e4f98e70265f330732941712 1499654 x11 optional xprt_4.1.0-16woody3_hppa.deb 06df97ea5ad2dd91ba0f270a74baea0a 220354 x11 optional xserver-common_4.1.0-16woody3_hppa.deb a0f1134478aa8073a5f336fb2937f93a 3592726 x11 optional xserver-xfree86_4.1.0-16woody3_hppa.deb 053950f5abbfa6bc28d7aac27a9749ff 510394 x11 optional xterm_4.1.0-16woody3_hppa.deb bc2c1f12532e2650b339d6338a26ff69 665576 x11 optional xutils_4.1.0-16woody3_hppa.deb 88fb211acea00e6f18d64a630b655ee4 2070616 x11 optional xvfb_4.1.0-16woody3_hppa.deb dd41cd59311d636b2cd84d4d31d189fd 60658 x11 optional x-window-system-core_4.1.0-16woody3_hppa.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAMvzhArxCt0PiXR4RAkkOAJ45qyVb+vV71PBGAs3wr+6nZWOYtQCgkRP7 +TEv0n+PJfB16xFYto1Ts2Y= =2ffi -----END PGP SIGNATURE-----