[ANNOUNCE] libXpm 3.5.17
Alan Coopersmith
alan.coopersmith at oracle.com
Tue Oct 3 16:29:27 UTC 2023
libXpm - X Pixmap (XPM) image file format library
-------------------------------------------------

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html

Alan Coopersmith (10):
      Set close-on-exec when opening files
      test: use g_pattern_spec_match_string if available
      Explicitly mark non-static symbols as export or hidden
      Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
      test: Add test case for CVE-2023-43789 (corrupt colormap info)
      Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
      test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
      Avoid CVE-2023-43786: stack exhaustion in XPutImage()
      test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)
      libXpm 3.5.17

Yair Mizrahi (1):
      Avoid CVE-2023-43787 (integer overflow in XCreateImage)
git tag: libXpm-3.5.17
https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.gz
SHA256: 959466c7dfcfcaa8a65055bfc311f74d4c43d9257900f85ab042604d286df0c6 libXpm-3.5.17.tar.gz
SHA512: 01d1b2dcbdd0c7927add19852ec1e68575d5957f043471b0aa6e2b3deb4df397e68a616e6d257ac5a38f60a836eacaae3dc0de5c4c312050673032edbc30f077 libXpm-3.5.17.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.gz.sig
https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.xz
SHA256: 64b31f81019e7d388c822b0b28af8d51c4622b83f1f0cb6fa3fc95e271226e43 libXpm-3.5.17.tar.xz
SHA512: 52f9d2664a47a26c1a6ad65d18867de870b66947b0b0d99cca3512756a0aaa6ce2a245c0b49f20b70c3ce48bf04c47c333e8119a147465c277bca727f6ab017e libXpm-3.5.17.tar.xz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libXpm-3.5.17.tar.xz.sig
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris