-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 22 Jan 2004 20:07:06 -0500
Source: xfree86
Binary: xserver-common xlibs-dev xfs xfree86-common xfonts-pex x-window-system
xlibmesa-dev xspecs xlibmesa3 xfonts-cyrillic xlibmesa3-dbg xserver-xfree86
xlibs-dbg libxaw6 libxaw7 xterm xvfb xfonts-scalable xfonts-75dpi xlib6g
proxymngr libxaw6-dev xlibs-pic libdps1-dbg xlib6g-dev xfonts-base xutils
libxaw7-dev xnest xlibs libxaw6-dbg xmh lbxproxy libxaw7-dbg
xfonts-base-transcoded xbase-clients xprt xlibosmesa3 x-window-system-core
xlibosmesa-dev twm xfwp xfonts-100dpi-transcoded xlibosmesa3-dbg xfonts-100dpi
xdm libdps-dev xfonts-75dpi-transcoded libdps1
Architecture: source all powerpc
Version: 4.1.0-16woody2
Distribution: stable-security
Urgency: high
Maintainer: Branden Robinson <[EMAIL PROTECTED]>
Changed-By: Branden Robinson <[EMAIL PROTECTED]>
Description:
lbxproxy - Low Bandwidth X (LBX) proxy server
libdps-dev - Display PostScript (DPS) client library development files
libdps1 - Display PostScript (DPS) client library
libdps1-dbg - Display PostScript (DPS) client library (unstripped)
libxaw6 - X Athena widget set library (version 6)
libxaw6-dbg - X Athena widget set library (version 6) (unstripped)
libxaw6-dev - X Athena widget set library development files (version 6)
libxaw7 - X Athena widget set library
libxaw7-dbg - X Athena widget set library (unstripped)
libxaw7-dev - X Athena widget set library development files
proxymngr - X proxy services manager
twm - Tab window manager
x-window-system - X Window System
x-window-system-core - X Window System core components
xbase-clients - miscellaneous X clients
xdm - X display manager
xfonts-100dpi - 100 dpi fonts for X
xfonts-100dpi-transcoded - 100 dpi fonts for X (transcoded from ISO 10646-1)
xfonts-75dpi - 75 dpi fonts for X
xfonts-75dpi-transcoded - 75 dpi fonts for X (transcoded from ISO 10646-1)
xfonts-base - standard fonts for X
xfonts-base-transcoded - standard fonts for X (transcoded from ISO 10646-1)
xfonts-cyrillic - Cyrillic fonts for X
xfonts-pex - fonts for minimal PEX support in X
xfonts-scalable - scalable fonts for X
xfree86-common - X Window System (XFree86) infrastructure
xfs - X font server
xfwp - X firewall proxy server
xlib6g - pseudopackage providing X libraries
xlib6g-dev - pseudopackage providing X library development files
xlibmesa-dev - XFree86 version of Mesa 3D graphics library development files
xlibmesa3 - XFree86 version of Mesa 3D graphics library
xlibmesa3-dbg - XFree86 version of Mesa 3D graphics library (unstripped)
xlibosmesa-dev - Mesa/XFree86 off-screen rendering library development files
xlibosmesa3 - Mesa/XFree86 off-screen rendering library
xlibosmesa3-dbg - Mesa/XFree86 off-screen rendering library (unstripped)
xlibs - X Window System client libraries
xlibs-dbg - X Window System client libraries (unstripped)
xlibs-dev - X Window System client library development files
xlibs-pic - X Window System client extension library PIC archives
xmh - X interface to the MH mail system
xnest - nested X server
xprt - X print server
xserver-common - files and utilities common to all X servers
xserver-xfree86 - the XFree86 X server
xspecs - X protocol, extension, and library technical specifications
xterm - X terminal emulator
xutils - X Window System utility programs
xvfb - virtual framebuffer X server
Changes:
xfree86 (4.1.0-16woody2) stable-security; urgency=high
.
* Security update release. Resolves the following issues:
+ CAN-2003-0690: xdm does not verify whether the pam_setcred function call
succeeds, which may allow attackers to gain root privileges by
triggering error conditions within PAM modules, as demonstrated in
certain configurations of the MIT pam_krb5 module.
+ CAN-2004-0093, CAN-2003-0094: Denial-of-service attacks against the X
server by clients using the GLX extension and Direct Rendering
Infrastructure are possible due to unchecked client data (out-of-bounds
array indexes [CAN-2004-0093] and integer signedness errors
[CAN-2004-0094]).
.
* Patch xdm to call pam_strerror(), log the returned error, and exit the
StartClient() function with a zero exit status (failure) if pam_setcred()
returns a value other than PAM_SUCCESS.
- debian/patches/073_SECURITY_xdm_pam_setcred_error_handling.diff
.
* Add validation for the screen number parameter received over the wire by
the X server's DRI extension code, and fix some similar checks in the GLX
code. This fixes X server segfaults when an invalid screen value is
provided (#A.1434, Felix Kühling).
- debian/patches/074_SECURITY_DRI_and_GLX_DoS_fix.diff
Files:
f51b0fc8b91499ba6b80451ce4124528 1512 x11 optional xfree86_4.1.0-16woody2.dsc
18a47be1e7eb8bc1dbea0a860c9dbd0f 1596003 x11 optional
xfree86_4.1.0-16woody2.diff.gz
a25a1d290499960de0a2375b7da6c092 141380 x11 optional
lbxproxy_4.1.0-16woody2_powerpc.deb
c1ff7b4dc20329f4431e7b6b9235b094 187890 libs optional
libdps1_4.1.0-16woody2_powerpc.deb
905f7534f536b9bafae01b1cdb707df4 446004 devel extra
libdps1-dbg_4.1.0-16woody2_powerpc.deb
629018c744abad066aef93c747e40dee 260030 devel optional
libdps-dev_4.1.0-16woody2_powerpc.deb
6047a1623a0479d3cb8f433b3ed54ab5 178862 libs optional
libxaw6_4.1.0-16woody2_powerpc.deb
e9db3853466a49cb215bda3aa375e967 356192 devel extra
libxaw6-dbg_4.1.0-16woody2_powerpc.deb
322a8232597fa06f974b266625d16719 330992 devel extra
libxaw6-dev_4.1.0-16woody2_powerpc.deb
d7b4fd765a360ab459e9061e6c680d2d 232428 libs optional
libxaw7_4.1.0-16woody2_powerpc.deb
af9d16897814be776c41269858c76334 469368 devel extra
libxaw7-dbg_4.1.0-16woody2_powerpc.deb
c0a4d3181f98e087482efaa4fdec89c6 330906 devel optional
libxaw7-dev_4.1.0-16woody2_powerpc.deb
22c02132e1b510280ba3ce2197485447 76866 x11 optional
proxymngr_4.1.0-16woody2_powerpc.deb
a01b578cbb58ede263d64a21b9525d41 160380 x11 optional
twm_4.1.0-16woody2_powerpc.deb
32c99fd6a0d2ca847acec6b470cdcab6 1609466 x11 optional
xbase-clients_4.1.0-16woody2_powerpc.deb
2a8faa11fbbed64a849ef0115a6e22b3 172418 x11 optional
xdm_4.1.0-16woody2_powerpc.deb
3155da9b2b752078e60ecc869e72988c 304514 x11 optional
xfs_4.1.0-16woody2_powerpc.deb
2f800f243481dc5b7cb814b15d9293bb 82322 x11 optional
xfwp_4.1.0-16woody2_powerpc.deb
767ce0952b42146bd21f31a89a9d4fd4 2448900 libs optional
xlibmesa3_4.1.0-16woody2_powerpc.deb
352112b07139d81d94cabfde60fb1f76 923780 devel extra
xlibmesa3-dbg_4.1.0-16woody2_powerpc.deb
b58ab4d93fc20cfe9938385b173387d4 606262 devel optional
xlibmesa-dev_4.1.0-16woody2_powerpc.deb
e421a7de65d4e5881926f735ceee1f95 530330 libs optional
xlibosmesa3_4.1.0-16woody2_powerpc.deb
f35268b2a7ec2acca8f0f397db36defe 1087330 devel extra
xlibosmesa3-dbg_4.1.0-16woody2_powerpc.deb
d6d9ed8f36d8c5e161a94414422da649 623318 devel optional
xlibosmesa-dev_4.1.0-16woody2_powerpc.deb
4d960f727dc1396a4c47af1087e25a2c 1299740 libs optional
xlibs_4.1.0-16woody2_powerpc.deb
50674037a6882d55ff82e9f3d328769c 2701900 devel extra
xlibs-dbg_4.1.0-16woody2_powerpc.deb
8d3403179ae54777e2e28250dea95060 2985004 devel optional
xlibs-dev_4.1.0-16woody2_powerpc.deb
16fc98d34c4c4f5175bba61024d20bf1 76574 devel optional
xlibs-pic_4.1.0-16woody2_powerpc.deb
46c2bd66465cfbdc96ebe9e2931f4886 132406 mail extra
xmh_4.1.0-16woody2_powerpc.deb
e4b7ede7ca05241f0a2c563acfee6560 1579822 x11 optional
xnest_4.1.0-16woody2_powerpc.deb
4040cea52de9ba6c9b0b6cbd5cd62b7d 1274922 x11 optional
xprt_4.1.0-16woody2_powerpc.deb
aa545029b8b7355004ee2128a96cf42b 219514 x11 optional
xserver-common_4.1.0-16woody2_powerpc.deb
1dae32be6cadc88371e2a18b1e84a1ef 4617762 x11 optional
xserver-xfree86_4.1.0-16woody2_powerpc.deb
f010d354d31e8561b723a20f8a626872 493150 x11 optional
xterm_4.1.0-16woody2_powerpc.deb
c2733bf7ad999ee2e6beca8e8ccb6ce0 604064 x11 optional
xutils_4.1.0-16woody2_powerpc.deb
36b76ed8814722569db591a2b53c1028 1707946 x11 optional
xvfb_4.1.0-16woody2_powerpc.deb
b5692fa6767ecdd15f021961e16ddbdc 60372 x11 optional
x-window-system-core_4.1.0-16woody2_powerpc.deb
167ea3369208e2be78fc5dc3a93c50bc 4442236 x11 optional
xfonts-100dpi_4.1.0-16woody2_all.deb
9b4b4e1c8dd7772f5c3a0d29202e6dbc 8333400 x11 optional
xfonts-100dpi-transcoded_4.1.0-16woody2_all.deb
f13cdb8a6e4640e7d372997812bc26ad 3931526 x11 optional
xfonts-75dpi_4.1.0-16woody2_all.deb
61c92730a0dbc8bdbff61077e21460a9 7225678 x11 optional
xfonts-75dpi-transcoded_4.1.0-16woody2_all.deb
25fc46bdf507929efd9877e64908fc8b 5028576 x11 optional
xfonts-base_4.1.0-16woody2_all.deb
fefa042041e09680e4dda37e11f0ec71 1105162 x11 optional
xfonts-base-transcoded_4.1.0-16woody2_all.deb
42cc9ec605954259593c50866696a063 438386 x11 optional
xfonts-cyrillic_4.1.0-16woody2_all.deb
f898bc30e4f4530a58a17fe19e46ed9e 68728 x11 optional
xfonts-pex_4.1.0-16woody2_all.deb
b9ac1278e63c03a3a0546d3914f22e87 796088 x11 optional
xfonts-scalable_4.1.0-16woody2_all.deb
09369c15b2440c78e5665a4e390d3971 546154 x11 optional
xfree86-common_4.1.0-16woody2_all.deb
a1092223289a980e2540237d509181f6 4164546 x11 optional
xspecs_4.1.0-16woody2_all.deb
b525d37e8b7616749d7b78676a149997 60350 libs optional
xlib6g_4.1.0-16woody2_all.deb
4797341572ebc33c9f620e3a500f9a9a 60156 devel optional
xlib6g-dev_4.1.0-16woody2_all.deb
7002adb1b77f63ff1ca9802fbbd27aa9 60196 x11 optional
x-window-system_4.1.0-16woody2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iEYEARECAAYFAkAW31QACgkQ6kxmHytGonw0SQCgl7EYwyiEkfwlDvgD9RA225e6
HjoAnjmnmZUgiCfsXQngU0XDXNHVFU4+
=KfB/
-----END PGP SIGNATURE-----
Accepted:
lbxproxy_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/lbxproxy_4.1.0-16woody2_powerpc.deb
libdps-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libdps-dev_4.1.0-16woody2_powerpc.deb
libdps1-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libdps1-dbg_4.1.0-16woody2_powerpc.deb
libdps1_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libdps1_4.1.0-16woody2_powerpc.deb
libxaw6-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw6-dbg_4.1.0-16woody2_powerpc.deb
libxaw6-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw6-dev_4.1.0-16woody2_powerpc.deb
libxaw6_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw6_4.1.0-16woody2_powerpc.deb
libxaw7-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw7-dbg_4.1.0-16woody2_powerpc.deb
libxaw7-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw7-dev_4.1.0-16woody2_powerpc.deb
libxaw7_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/libxaw7_4.1.0-16woody2_powerpc.deb
proxymngr_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/proxymngr_4.1.0-16woody2_powerpc.deb
twm_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/twm_4.1.0-16woody2_powerpc.deb
x-window-system-core_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/x-window-system-core_4.1.0-16woody2_powerpc.deb
x-window-system_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/x-window-system_4.1.0-16woody2_all.deb
xbase-clients_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xbase-clients_4.1.0-16woody2_powerpc.deb
xdm_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xdm_4.1.0-16woody2_powerpc.deb
xfonts-100dpi-transcoded_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody2_all.deb
xfonts-100dpi_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-100dpi_4.1.0-16woody2_all.deb
xfonts-75dpi-transcoded_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody2_all.deb
xfonts-75dpi_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-75dpi_4.1.0-16woody2_all.deb
xfonts-base-transcoded_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody2_all.deb
xfonts-base_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-base_4.1.0-16woody2_all.deb
xfonts-cyrillic_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody2_all.deb
xfonts-pex_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-pex_4.1.0-16woody2_all.deb
xfonts-scalable_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfonts-scalable_4.1.0-16woody2_all.deb
xfree86-common_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xfree86-common_4.1.0-16woody2_all.deb
xfree86_4.1.0-16woody2.diff.gz
to pool/main/x/xfree86/xfree86_4.1.0-16woody2.diff.gz
xfree86_4.1.0-16woody2.dsc
to pool/main/x/xfree86/xfree86_4.1.0-16woody2.dsc
xfs_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xfs_4.1.0-16woody2_powerpc.deb
xfwp_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xfwp_4.1.0-16woody2_powerpc.deb
xlib6g-dev_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xlib6g-dev_4.1.0-16woody2_all.deb
xlib6g_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xlib6g_4.1.0-16woody2_all.deb
xlibmesa-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibmesa-dev_4.1.0-16woody2_powerpc.deb
xlibmesa3-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody2_powerpc.deb
xlibmesa3_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibmesa3_4.1.0-16woody2_powerpc.deb
xlibosmesa-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody2_powerpc.deb
xlibosmesa3-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody2_powerpc.deb
xlibosmesa3_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibosmesa3_4.1.0-16woody2_powerpc.deb
xlibs-dbg_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibs-dbg_4.1.0-16woody2_powerpc.deb
xlibs-dev_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibs-dev_4.1.0-16woody2_powerpc.deb
xlibs-pic_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibs-pic_4.1.0-16woody2_powerpc.deb
xlibs_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xlibs_4.1.0-16woody2_powerpc.deb
xmh_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xmh_4.1.0-16woody2_powerpc.deb
xnest_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xnest_4.1.0-16woody2_powerpc.deb
xprt_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xprt_4.1.0-16woody2_powerpc.deb
xserver-common_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xserver-common_4.1.0-16woody2_powerpc.deb
xserver-xfree86_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xserver-xfree86_4.1.0-16woody2_powerpc.deb
xspecs_4.1.0-16woody2_all.deb
to pool/main/x/xfree86/xspecs_4.1.0-16woody2_all.deb
xterm_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xterm_4.1.0-16woody2_powerpc.deb
xutils_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xutils_4.1.0-16woody2_powerpc.deb
xvfb_4.1.0-16woody2_powerpc.deb
to pool/main/x/xfree86/xvfb_4.1.0-16woody2_powerpc.deb
