-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Oct 2017 12:35:36 +0200 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xorg-core-dbg xserver-common xorg-server-source xwayland Architecture: source all amd64 Version: 2:1.16.4-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian X Strike Force <debia...@lists.debian.org> Changed-By: Julien Cristau <jcris...@debian.org> Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xorg-server-source - Xorg X server - source files xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server xwayland - Xwayland X server Changes: xorg-server (2:1.16.4-1+deb8u2) jessie-security; urgency=high . * render: Fix out of boundary heap access * Xext/shm: Validate shmseg resource id (CVE-2017-13721) * xkb: Escape non-printable characters correctly. * xkb: Handle xkb formated string output safely (CVE-2017-13723) * os: Make sure big requests have sufficient length. * Unvalidated lengths in - XFree86-VidModeExtension (CVE-2017-12180) - XFree86-DGA (CVE-2017-12181) - XFree86-DRI (CVE-2017-12182) - XFIXES (CVE-2017-12183) - XINERAMA (CVE-2017-12184) - MIT-SCREEN-SAVER (CVE-2017-12185) - X-Resource (CVE-2017-12186) - RENDER (CVE-2017-12187) * Xi: Test exact size of XIBarrierReleasePointer * Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (CVE-2017-12179) * Xi: Silence some tautological warnings * Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178) * dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) * Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176) * Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES (CVE-2017-2624) * Xwayland: enable access control and default to just the local user (CVE-2015-3164) Checksums-Sha1: 0b006c808f3d92b4b932ac18bad8e9772865aeaf 4712 xorg-server_1.16.4-1+deb8u2.dsc aa31515f649baa8037e74c0f1eac22454613aa01 115060 xorg-server_1.16.4-1+deb8u2.diff.gz a8ed59f445c6070bcc21f8dbdd2482a82fa62d99 1758568 xserver-common_1.16.4-1+deb8u2_all.deb bab0515535c0f849224fbe5979f79f2c6b4b4d23 6463038 xorg-server-source_1.16.4-1+deb8u2_all.deb 83bea9f4568e7973d6214e0237dee635b138812c 3085092 xserver-xorg-core_1.16.4-1+deb8u2_amd64.deb a2da3c83476b86a46f356a622f4f2469fd7109fb 915288 xserver-xorg-core-udeb_1.16.4-1+deb8u2_amd64.udeb 6da04f42902d6bb9d06d79986ec7d774c584e12f 1941136 xserver-xorg-dev_1.16.4-1+deb8u2_amd64.deb 9cf2b6c7387990947ea31f3398956590f1e291dd 2494358 xdmx_1.16.4-1+deb8u2_amd64.deb 30e836fd428ae863909568970caa0373165030e6 1786830 xdmx-tools_1.16.4-1+deb8u2_amd64.deb cc92e21badcb3c9c1631c551d34a6dba635478f8 2349046 xnest_1.16.4-1+deb8u2_amd64.deb 58f9e6b7f10567965701cbe6839f5031590892ff 2499034 xvfb_1.16.4-1+deb8u2_amd64.deb 8da02b9dfabbe7b16a2853d8db9c9e5d52979d18 2664164 xserver-xephyr_1.16.4-1+deb8u2_amd64.deb 0214084212f89c9f85b9b5b1ae05185584d458d9 5626280 xserver-xorg-core-dbg_1.16.4-1+deb8u2_amd64.deb 075bfbbb9f45d6a20bb99115bd1ce3e2f0f48566 2586312 xwayland_1.16.4-1+deb8u2_amd64.deb Checksums-Sha256: 11ae2a83dcc3b1ccedfe7959224a519a1aa82b552e21443d0efee011bc9287d6 4712 xorg-server_1.16.4-1+deb8u2.dsc 0be014df3125d9234aadf31ca38c12daccec0004c6a112e537ed9d952190ca87 115060 xorg-server_1.16.4-1+deb8u2.diff.gz c110a3a6d2c7bea4ba516918eeb319e2b8b463f7053b0f9b981cd6fc951dcf24 1758568 xserver-common_1.16.4-1+deb8u2_all.deb 33f07b46b54ef61b65e6d06fbb912d3a2b2e62caa6fea706619bda8a723d904f 6463038 xorg-server-source_1.16.4-1+deb8u2_all.deb 1809bcf1edafa6369c92c481b2b7bd862ac17b722b67e7196ba8c88c51d25243 3085092 xserver-xorg-core_1.16.4-1+deb8u2_amd64.deb 28c3f2279b1f1c82f47f9e0579b5bdfb590a18e45240b69479f38930a9c58c66 915288 xserver-xorg-core-udeb_1.16.4-1+deb8u2_amd64.udeb 4e32c5124a1b23040d2fa0efa2be8dc5eb4fb5ede0033aa566fa65db10be6538 1941136 xserver-xorg-dev_1.16.4-1+deb8u2_amd64.deb e6d87188dc125d308f02f95f6e5aeb775af9147868b7b116293f1ea983cf8d9e 2494358 xdmx_1.16.4-1+deb8u2_amd64.deb 3cf29cf7c16686a713d8372a86f261f81dd75a67655d950a64ad4e5e37395cb0 1786830 xdmx-tools_1.16.4-1+deb8u2_amd64.deb 4af46078f6e0072f0c8010b2a51b3e658204d13e7d5f7b7a32af0931133b2858 2349046 xnest_1.16.4-1+deb8u2_amd64.deb 303295857685310f5e73facae0999f2e9d09bf65cc862358a327ea4e00a73a2c 2499034 xvfb_1.16.4-1+deb8u2_amd64.deb af7967d8a610fa7c0e8b7b4026c594358b0aa93f342fbd50bcbe22fc63098f0a 2664164 xserver-xephyr_1.16.4-1+deb8u2_amd64.deb 03c06cd414fa2484730d94dbcf7ba3825b9000411ae1ad8a542430588d517133 5626280 xserver-xorg-core-dbg_1.16.4-1+deb8u2_amd64.deb 3b447b716c011291cc406c91cb8ef8e41653caafc9a36cd0b210e6f24df50c2c 2586312 xwayland_1.16.4-1+deb8u2_amd64.deb Files: 85654c412c0d9997a487f1a5f5527540 4712 x11 optional xorg-server_1.16.4-1+deb8u2.dsc f182b5f87dcaeac0b74cb77c326d48dc 115060 x11 optional xorg-server_1.16.4-1+deb8u2.diff.gz 4bf0f59fb75b18ffae99a693d4ca7363 1758568 x11 optional xserver-common_1.16.4-1+deb8u2_all.deb 1c10852c646b971482c7fbbf1843824b 6463038 x11 optional xorg-server-source_1.16.4-1+deb8u2_all.deb 224c7f147a3f0b73f08f83e5e032d719 3085092 x11 optional xserver-xorg-core_1.16.4-1+deb8u2_amd64.deb da6113b78cd382d604c709dd5b350a7c 915288 debian-installer optional xserver-xorg-core-udeb_1.16.4-1+deb8u2_amd64.udeb d0dfdf621554a680473614e2c09b7d15 1941136 x11 optional xserver-xorg-dev_1.16.4-1+deb8u2_amd64.deb fec52e409c92de2f21547eee826e8732 2494358 x11 optional xdmx_1.16.4-1+deb8u2_amd64.deb a6274766e82b3ee32b38646efa474b03 1786830 x11 optional xdmx-tools_1.16.4-1+deb8u2_amd64.deb 5389524f2589ea269b72e5fabfbbd53f 2349046 x11 optional xnest_1.16.4-1+deb8u2_amd64.deb c457fd7fc0b306937af66cfe659c62e2 2499034 x11 optional xvfb_1.16.4-1+deb8u2_amd64.deb 68e17893b328a5ee8fc970830b05eb9d 2664164 x11 optional xserver-xephyr_1.16.4-1+deb8u2_amd64.deb 04cfc455c5a8f65773453f96c93d357f 5626280 debug extra xserver-xorg-core-dbg_1.16.4-1+deb8u2_amd64.deb ce3bae236cb3be70fde398333c1f30be 2586312 x11 optional xwayland_1.16.4-1+deb8u2_amd64.deb Package-Type: udeb
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlnh9pwACgkQnbAjVVb4 z62Y8RAAiyY2pEPkOAhtx8nEza44+iw7xaR79aeRVhjfinsL1Z+zDyF1LD8V86sm CYGvJWlAOG4YDfIXf6cu+UV5GtCyi1O7FTH695H1t2RDh8/OtYVuHizyDA743/hV qDF2uSGKoOA7giwg2UdXG9tW7Mqt1kUSTLCqQasmEwwJXNCcMn9obmVEQIY5G/9b KH7JZryL4N07zY5QyMxBP/rvIVfr6HG07pck8Etfe07n23oBK3sWPPPuSoczlHNP FSCWljvC2JeBSWe2LnhDfNLhrDCLq28fSsSszc3f5pLqbHaUR4GIONVB9o0jCNeM qhXVXbzKfrzWAwr1yQdgSfybwNfV5y+jF4DkyYrSGXVB8ZZJCeE08jW1fCRSJd6n 8VL1OkeLovSyPtzKn6StJ46N9qWcv06tntGvzkNLBZjecAuXVPJ1z/g/I74aaZ4P biWRz1pwD9WLxYFWJxA2x5Q74EALh0nnfoQFuIPwWp6VmzW5qk8E84f3xeBUHZ1x Mj3ym50J85JvxNKaLHYoq65LOeFmPEtxnsiDm1Ib5zVoPEHjdOm4+f6ohvNPtPJU zDcq2XyboKJ9ZWS1LTYbIIoqarwB7FpRjSny0JI/lD0ts2pgS0FJL80N2fLTa61Y nyAAVS6UpN2Sb2HJJsm6W20nwCej3OV3wUW9HXVXMde2eWaKFes= =dTTn -----END PGP SIGNATURE-----