Accepted xfs 1:1.0.1-7 (source i386)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Tue, 02 Oct 2007 20:21:48 +0200
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.1-7
Distribution: stable-security
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description:
 xfs - X font server
Changes:
 xfs (1:1.0.1-7) stable-security; urgency=high  .

• Security upload.
• Fix several vulnerabilities (CVE-2007-4568): The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Maliciously crafted requests can either cause two different problems with both requests: + An integer overflow in the computation of the size of a dynamic buffer can lead to a heap overflow in the build_range() function. + An arbitrary number of bytes on the heap can be swapped by the swap_char2b() function.
• See upstream security advisory: http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html Files: 6090b1b5d0c40f41cf8466d4be26c86c 794 x11 optional xfs_1.0.1-7.dsc 47090deff75f0478f865e79b88e22ce6 29837 x11 optional xfs_1.0.1-7.diff.gz 3d4296688c5a823219dc42f8de0a2675 57298 x11 optional xfs_1.0.1-7_i386.deb

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHBev3mEvTgKxfcAwRAix3AKCo8BvlazYgW7J8pVXeOZ23zl2DnwCff9cg BFR+FBEOp1RQpVDZQApvhls=
=9fxF
-----END PGP SIGNATURE-----
Accepted:
xfs_1.0.1-7.diff.gz
  to pool/main/x/xfs/xfs_1.0.1-7.diff.gz xfs_1.0.1-7.dsc
  to pool/main/x/xfs/xfs_1.0.1-7.dsc
xfs_1.0.1-7_i386.deb
  to pool/main/x/xfs/xfs_1.0.1-7_i386.deb

-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org