[ubuntu/mantic-proposed] libxpm 1:3.5.12-1.1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Oct 3 20:25:32 UTC 2023


libxpm (1:3.5.12-1.1ubuntu1) mantic; urgency=medium

  * SECURITY UPDATE: stack exhaustion from infinite recursion in
    PutSubImage() in libx11
    - d/p/0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
    - d/p/0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
    - CVE-2023-43786
  * SECURITY UPDATE: integer overflow in XCreateImage() leading to a heap
    overflow in libx11
    - d/p/0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
    - d/p/0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
    - CVE-2023-43787
  * SECURITY UPDATE: out of bounds read in XpmCreateXpmImageFromBuffer()
    - d/p/0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
    - CVE-2023-43788
  * SECURITY UPDATE: out of bounds read on XPM with corrupted colormap
    - d/p/0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
    - CVE-2023-43789

Date: Tue, 03 Oct 2023 14:30:11 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxpm/1:3.5.12-1.1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 03 Oct 2023 14:30:11 -0400
Source: libxpm
Built-For-Profiles: noudeb
Architecture: source
Version: 1:3.5.12-1.1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian X Strike Force <debian-x at lists.debian.org>

