libXpm - X Pixmap (XPM) image file format library ------------------------------------------------- This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html Alan Coopersmith (10): Set close-on-exec when opening files test: use g_pattern_spec_match_string if available Explicitly mark non-static symbols as export or hidden Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer test: Add test case for CVE-2023-43789 (corrupt colormap info) Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage) Avoid CVE-2023-43786: stack exhaustion in XPutImage() test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage) libXpm 3.5.17 Yair Mizrahi (1): Avoid CVE-2023-43787 (integer overflow in XCreateImage) git tag: libXpm-3.5.17 https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.gz SHA256: 959466c7dfcfcaa8a65055bfc311f74d4c43d9257900f85ab042604d286df0c6 libXpm-3.5.17.tar.gz SHA512: 01d1b2dcbdd0c7927add19852ec1e68575d5957f043471b0aa6e2b3deb4df397e68a616e6d257ac5a38f60a836eacaae3dc0de5c4c312050673032edbc30f077 libXpm-3.5.17.tar.gz PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.gz.sig https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.xz SHA256: 64b31f81019e7d388c822b0b28af8d51c4622b83f1f0cb6fa3fc95e271226e43 libXpm-3.5.17.tar.xz SHA512: 52f9d2664a47a26c1a6ad65d18867de870b66947b0b0d99cca3512756a0aaa6ce2a245c0b49f20b70c3ce48bf04c47c333e8119a147465c277bca727f6ab017e libXpm-3.5.17.tar.xz PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.xz.sig -- -Alan Coopersmith- alan.coopersmith at oracle.com Oracle Solaris Engineering - https://blogs.oracle.com/solaris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.x.org/archives/xorg-announce/attachments/20231003/078f51df/attachment.sig>