Univention Bugzilla – Bug 56744
libxpm: Multiple issues (5.0)
Last modified: 2023-10-18 16:20:36 CEST
New Debian libxpm 1:3.5.12-1+deb10u2 fixes:

This update addresses the following issues:

1:3.5.12-1+deb10u2 (Thu, 05 Oct 2023 11:18:55 +0200)
* Add check to avoid triggering CVE-2023-43786 in libX11.
* Add check to avoid triggering CVE-2023-43787 in libX11.
* CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer
* CVE-2023-43789: out of bounds read on XPM with corrupted colormap
--- mirror/ftp/pool/main/libx/libxpm/libxpm_3.5.12-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/libxpm_3.5.12-1+deb10u2.dsc @@ -1,3 +1,10 @@ +1:3.5.12-1+deb10u2 [Thu, 05 Oct 2023 11:18:55 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Add check to avoid triggering CVE-2023-43786 in libX11. + * Add check to avoid triggering CVE-2023-43787 in libX11. + * CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer + * CVE-2023-43789: out of bounds read on XPM with corrupted colormap + 1:3.5.12-1+deb10u1 [Mon, 19 Jun 2023 20:27:53 +0000] Bastien Roucaries <rouca@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-5/#5404897947439534122>
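Review bot: The first two added changelog entries, for CVE-2023-43786 and CVE-2023-43787, describe checks in libxpm that avoid triggering flaws located in libX11, so they should not be read as fixes for libX11 itself. Suggest that the erratum text keep that distinction and that the libX11 package be tracked separately for those two CVEs, while CVE-2023-43788 and CVE-2023-43789 are listed as the libxpm out-of-bounds reads addressed by this update.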
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-5] c9ffcf7a8b Bug #56744: libxpm 1:3.5.12-1+deb10u2
 doc/errata/staging/libxpm.yaml | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

[5.0-5] 0e87004504 Bug #56744: libxpm 1:3.5.12-1+deb10u2
 doc/errata/staging/libxpm.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x841>