-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 14 Feb 2004 13:44:41 -0500 Source: xfree86 Binary: xserver-common xlibs-dev xfs xfree86-common xfonts-pex x-window-system xlibmesa-dev xspecs xlibmesa3 xfonts-cyrillic xlibmesa3-dbg xserver-xfree86 xlibs-dbg libxaw6 libxaw7 xterm xvfb xfonts-scalable xfonts-75dpi xlib6g proxymngr libxaw6-dev xlibs-pic libdps1-dbg xlib6g-dev xfonts-base xutils libxaw7-dev xnest xlibs libxaw6-dbg xmh lbxproxy libxaw7-dbg xfonts-base-transcoded xbase-clients xprt xlibosmesa3 x-window-system-core xlibosmesa-dev twm xfwp xfonts-100dpi-transcoded xlibosmesa3-dbg xfonts-100dpi xdm libdps-dev xfonts-75dpi-transcoded libdps1 Architecture: m68k Version: 4.1.0-16woody3 Distribution: stable-security Urgency: high Maintainer: Debian/m68k (q650) buildd Changed-By: Branden Robinson Description: lbxproxy - Low Bandwidth X (LBX) proxy server libdps-dev - Display PostScript (DPS) client library development files libdps1 - Display PostScript (DPS) client library libdps1-dbg - Display PostScript (DPS) client library (unstripped) libxaw6 - X Athena widget set library (version 6) libxaw6-dbg - X Athena widget set library (version 6) (unstripped) libxaw6-dev - X Athena widget set library development files (version 6) libxaw7 - X Athena widget set library libxaw7-dbg - X Athena widget set library (unstripped) libxaw7-dev - X Athena widget set library development files proxymngr - X proxy services manager twm - Tab window manager x-window-system-core - X Window System core components xbase-clients - miscellaneous X clients xdm - X display manager xfs - X font server xfwp - X firewall proxy server xlibmesa-dev - XFree86 version of Mesa 3D graphics library development files xlibmesa3 - XFree86 version of Mesa 3D graphics library xlibmesa3-dbg - XFree86 version of Mesa 3D graphics library (unstripped) xlibs - X Window System client libraries xlibs-dbg - X Window System client libraries (unstripped) xlibs-dev - X Window System client library development files xlibs-pic - X Window System client extension library PIC archives xmh - X interface to the MH mail system xnest - nested X server xprt - X print server xserver-common - files and utilities common to all X servers xserver-xfree86 - the XFree86 X server xterm - X terminal emulator xutils - X Window System utility programs xvfb - virtual framebuffer X server Closes: 232378 Changes: xfree86 (4.1.0-16woody3) stable-security; urgency=high . * Security update release. Resolves the following issues: + CAN-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084. + CAN-2004-0084: Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083. + CAN-2004-0106: Miscellaneous additional flaws in XFree86's handling of font files. . * Fix multiple buffer overflows and insufficiently rigorous input validation in the X11R6 fontfile library. (Closes: #232378) - debian/patches/075_SECURITY_libfontfile_vulnerabilities.diff Files: 1293e82d9b55d372d1f3a0a32f019f4c 127820 x11 optional lbxproxy_4.1.0-16woody3_m68k.deb b8c8db6506f5adf570d8287a5ba78fe9 176940 libs optional libdps1_4.1.0-16woody3_m68k.deb 6b31554cb418ce558945f466b6d3a9a6 433414 devel extra libdps1-dbg_4.1.0-16woody3_m68k.deb dac200c786dc77823e9c7f507c6a5f5e 232652 devel optional libdps-dev_4.1.0-16woody3_m68k.deb fb556a204b635a50b16be7293bdfff49 163818 libs optional libxaw6_4.1.0-16woody3_m68k.deb 73b251c4890ba71a2b767dc800014ddf 341130 devel extra libxaw6-dbg_4.1.0-16woody3_m68k.deb 44df7ac0fb0a5e3c70678330421d1d28 283560 devel extra libxaw6-dev_4.1.0-16woody3_m68k.deb 2fcbc5fc0e527fd8c12e91db71f53fab 208298 libs optional libxaw7_4.1.0-16woody3_m68k.deb ac457427b4f04e56aaa2f1b3db5d0c58 443656 devel extra libxaw7-dbg_4.1.0-16woody3_m68k.deb e1f8b6038ab9804a6b10b978a5382937 283426 devel optional libxaw7-dev_4.1.0-16woody3_m68k.deb 54a558013e05043e6bbc15dc8c9286cc 75676 x11 optional proxymngr_4.1.0-16woody3_m68k.deb ff82e1fffd9862316aee8867246ebeb4 148078 x11 optional twm_4.1.0-16woody3_m68k.deb 62823a75d1dfd6cb58713e7a5cf94957 1375852 x11 optional xbase-clients_4.1.0-16woody3_m68k.deb 297d57ce20552eda54742f90e2655122 168610 x11 optional xdm_4.1.0-16woody3_m68k.deb e4ab25f770c3c7fb960436f526df2ef1 256808 x11 optional xfs_4.1.0-16woody3_m68k.deb 7d0eb6d68cdf2eba32bcfd22b1ba8de5 80098 x11 optional xfwp_4.1.0-16woody3_m68k.deb de8bb3b5b8563f5b80d6fa8be6e4c59d 335904 libs optional xlibmesa3_4.1.0-16woody3_m68k.deb 23ae0b045fa6d811a1dc7dc626d80628 864764 devel extra xlibmesa3-dbg_4.1.0-16woody3_m68k.deb 2d67b4f40d083dd9a946c864a3e0f340 519812 devel optional xlibmesa-dev_4.1.0-16woody3_m68k.deb f95b0c723199eb490a08662efcdd7ec5 1182654 libs optional xlibs_4.1.0-16woody3_m68k.deb a83222e634843d8468fd010bb6b0f5aa 2575502 devel extra xlibs-dbg_4.1.0-16woody3_m68k.deb f917692c37bee4d58b6266a7b25e64ea 2648076 devel optional xlibs-dev_4.1.0-16woody3_m68k.deb ff5a0e30a64742dc4ebd69ee75078aae 72972 devel optional xlibs-pic_4.1.0-16woody3_m68k.deb 16e3921a112190f9362d24063e6b393f 122752 mail extra xmh_4.1.0-16woody3_m68k.deb 31e9e76f6f531255207fc65ff1b81c26 1235074 x11 optional xnest_4.1.0-16woody3_m68k.deb d5ef4446bcc696001424f7c786e2afc2 1006490 x11 optional xprt_4.1.0-16woody3_m68k.deb 857603e37ae1af7f9b9e54f103eee56c 219808 x11 optional xserver-common_4.1.0-16woody3_m68k.deb 296d5444a5ffa635211b1099065e2439 3535634 x11 optional xserver-xfree86_4.1.0-16woody3_m68k.deb 21049f1158c5a445db468b9dcd77f495 478898 x11 optional xterm_4.1.0-16woody3_m68k.deb c6991702f55d3e5a912cce5b11686ea6 551570 x11 optional xutils_4.1.0-16woody3_m68k.deb 79d635417c007dbfe07d81ccde371fd9 1325700 x11 optional xvfb_4.1.0-16woody3_m68k.deb d3154f16ef212b87a7a02fc3159c3132 60662 x11 optional x-window-system-core_4.1.0-16woody3_m68k.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAM5WiArxCt0PiXR4RAl+DAJwIqLue2oiU3ahm7/nG9yeXZM2yIQCgv9Ya lDsDlR5KC9iMLdBGQf31e4o= =SYbk -----END PGP SIGNATURE-----