Ubuntu
libxpm package

libxpm4: new buffer overflow security hole (CAN-2005-0605)

Bug #13903 reported by Debian Bug Importer
8
Affects Status Importance Assigned to Milestone
libxpm (Debian)
Fix Released
Unknown
libxpm (Ubuntu)
Fix Released
High
Daniel Stone

Bug Description

Automatically imported from Debian bug report #299272 http://bugs.debian.org/299272

See original description

CVE References

Revision history for this message
In , Joey Hess (joeyh) wrote : Fixed in NMU of lesstif1-1 1:0.93.94-11.1

tag 298939 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Mar 2005 16:34:21 -0500
Source: lesstif1-1
Binary: lesstif-bin lesstif2 lesstif-dev lesstif2-dev lesstif-doc lesstif1
Architecture: source i386 all
Version: 1:0.93.94-11.1
Distribution: unstable
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Joey Hess <email address hidden>
Description:
 lesstif-bin - user binaries for LessTif
 lesstif-dev - development library and header files for LessTif 1.2
 lesstif-doc - documentation for LessTif
 lesstif1 - OSF/Motif 1.2 implementation released under LGPL
 lesstif2 - OSF/Motif 2.1 implementation released under LGPL
 lesstif2-dev - development library and header files for LessTif 2.1
Closes: 298939
Changes:
 lesstif1-1 (1:0.93.94-11.1) unstable; urgency=HIGH
 .
   * NMU
   * Apply fix for newest libXpm buffer overflows in lesstif1, involving a
     negative bitmap_unit value. Fixed both lesstif1 and lesstif2.
     Closes: #298939 (CAN-2005-0605)
Files:
 a422c21d24213bebb5aa6ea449f27e87 854 libs optional lesstif1-1_0.93.94-11.1.dsc
 411faaae59989c0cc06c5d5c5d1501ed 63754 libs optional lesstif1-1_0.93.94-11.1.diff.gz
 4ebc9aba7278d1f3df41a857122d2817 342808 doc optional lesstif-doc_0.93.94-11.1_all.deb
 316c7354bcda42337f552cd390fc87a0 693384 libs optional lesstif2_0.93.94-11.1_i386.deb
 46d7302f480f98059caac5e9abc9a34c 615744 libs optional lesstif1_0.93.94-11.1_i386.deb
 dea270bc7f7b3cf70f6a24b5b96c5ac9 960352 libdevel optional lesstif2-dev_0.93.94-11.1_i386.deb
 d582252380bc2c493b984522fc4bdd63 829282 libdevel optional lesstif-dev_0.93.94-11.1_i386.deb
 e789bd635bf66bf8d3a9b6f245dea6f8 164350 x11 optional lesstif-bin_0.93.94-11.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCMPcK2tp5zXiKP0wRAlZoAKC3ClOMceDJFcylaiHeovTycZCrQgCePHuf
rp1259h6+vhfnMG6uqFbuoE=
=HdVa
-----END PGP SIGNATURE-----

Revision history for this message
In , Branden Robinson (branden) wrote : xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

The following URL contains source and binary packages for powerpc resolving
CAN-2005-0605[1], which is described as:

  The XPM library's scan.c file may allow attackers to execute arbitrary code
  by crafting a malicious XPM image file containing a negative bitmap_unit
  value that provokes a buffer overflow.

http://redwald.deadbeast.net/tmp/CAN-2005-0605/

I'm attaching a GPG-signed file, MD5SUMS.txt, that you can use to verify
the download.

This package makes two changes:

1) It applies the purported fix for CAN-2005-0605. I know of no exploit
   for this vulnerability, so I was unable to test this.
2) It fixes the regression in XPM file-writing introduced by the fix for
   CAN-2004-0914 (in -16woody5). I confirmed that saving XPM files in a
   woody environment with -16woody5 with the GIMP didn't work, and that
   upgrading to -16woody6 restored the functionality.

Please also find at the above URL:
* my package build log, xfree86_4.1.0-16woody6_powerpc.build; I built in a
  clean, up-to-date woody chroot
* xfree86_4.1.0-16woody6_qa_install_purge.typescript, a transcript of
  installing and purging these packages in a woody chroot
* xfree86_4.1.0-16woody6_qa_upgrade_downgrade.typescript, a transcript of
  upgrading these packages from -16woody5 and downgrading them back to
  -16woody5 in a woody chroot
* test-x11-packages, the shell script I used to automate the above QA tests

Please let me know if you require anything else regarding this
vulnerability.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

--
G. Branden Robinson | Somewhere, there is a .sig so funny
Debian GNU/Linux | that reading it will cause an
<email address hidden> | aneurysm. This is not that .sig.
http://people.debian.org/~branden/ |

Revision history for this message
In , Martin Schulze (joey-infodrom) wrote :

Branden Robinson wrote:
> The following URL contains source and binary packages for powerpc resolving
> CAN-2005-0605[1], which is described as:
>
> The XPM library's scan.c file may allow attackers to execute arbitrary code
> by crafting a malicious XPM image file containing a negative bitmap_unit
> value that provokes a buffer overflow.

Looks fine, pushed into the buildd network. Thanks a lot!

Regards,

 Joey

--
A mathematician is a machine for converting coffee into theorems. Paul Erdös

Please always Cc to me when replying to me on the lists.

Revision history for this message
In , Branden Robinson (branden) wrote : #298939 should not have been marked fixed by lesstif1-1 NMU

clone 298939 -1
retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CAN-2005-0605
reassign -1 lesstif1-1
# I don't actually know if it's fixed upstream yet in LessTif, but I'm
# guessing it's not.
tag -1 - fixed-upstream
# libxpm4 is not fixed until the security buildds' packages are uploaded.
tag 298939 - fixed
thanks

Hi Joey,

Did you mean to only reference #298939 in your NMU of lesstif1-1? You said
"Closes:", which marked as fixed the bug I filed against libxpm4, which is
not part of lesstif1-1 and is not yet fixed.

I am assuming your closing of #298939 is in error (since it's not
accurate), and cloning a copy of it for CAN-2005-0605's affect of
lesstif1-1.

--
G. Branden Robinson |
Debian GNU/Linux | If ignorance is bliss,
<email address hidden> | is omniscience hell?
http://people.debian.org/~branden/ |

Revision history for this message
In , Joey Hess (joeyh) wrote :

tag 298183 fixed
merge 298183 299236
thanks

Branden Robinson wrote:
> clone 298939 -1
> retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CAN-2005-0605
> reassign -1 lesstif1-1
> # I don't actually know if it's fixed upstream yet in LessTif, but I'm
> # guessing it's not.
> tag -1 - fixed-upstream
> # libxpm4 is not fixed until the security buildds' packages are uploaded.
> tag 298939 - fixed
> thanks
>
> Hi Joey,
>
> Did you mean to only reference #298939 in your NMU of lesstif1-1? You said
> "Closes:", which marked as fixed the bug I filed against libxpm4, which is
> not part of lesstif1-1 and is not yet fixed.
>
> I am assuming your closing of #298939 is in error (since it's not
> accurate), and cloning a copy of it for CAN-2005-0605's affect of
> lesstif1-1.

Sorry, I meant to refer to bug #298183 which was already open on
lesstif1 for the same vulnerability.

--
see shy jo

Revision history for this message
In , Branden Robinson (branden) wrote : cloning another copy of #298939 for xfree86 4.3

clone 298939 -1
reassign -1 libxpm4
retitle 298939 xlibs: new buffer overflow security hole (CAN-2005-0605)
reassign 298939 xlibs
# Per the bug logs, the Debian Security Team has xfree86 4.1.0-16woody6,
# which fixes this. It's also fixed in the X Strike Force Subversion
# repository for XFree86, in branches/4.1.0/woody.
tag 298939 + pending woody
thanks

--
G. Branden Robinson | Any man who does not realize that
Debian GNU/Linux | he is half an animal is only half a
<email address hidden> | man.
http://people.debian.org/~branden/ | -- Thornton Wilder

Revision history for this message
In , Branden Robinson (branden) wrote : tagging 299272

# Automatically generated email from bts, devscripts version 2.8.10
 # fixed in Debian X Strike Force XFree86 repository; to view, run "svn diff -r 2216:2217 svn://necrotic.deadbeast.net/xfree86"
tags 299272 + pending

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #299272 http://bugs.debian.org/299272

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 10 Mar 2005 14:01:37 -0500
From: Branden Robinson <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libxpm4: new buffer overflow security hole (CAN-2005-0605)

Package: libxpm4
Version: 4.3.0.dfsg.1-12
Severity: grave
Tags: security, upstream, fixed-upstream, patch

CAN-2005-0605 indicates that "scan.c for LibXPM may allow attackers to
execute arbitrary code via a negative bitmap_unit value that leads to a
buffer overflow."

Patch is here:

https://bugs.freedesktop.org/attachment.cgi?id=1909

Description is here:

https://bugs.freedesktop.org/show_bug.cgi?id=1920

Gentoo issued an advisory about this on 4 March.

Ubuntu issued an advisory about this on 7 March.

I learned about this from Linux Weekly News.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libxpm4 depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an

-- no debconf information

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 10 Mar 2005 21:17:04 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Cc: Joey Hess <email address hidden>, Sam Hocevar (Debian packages) <email address hidden>
Subject: Fixed in NMU of lesstif1-1 1:0.93.94-11.1

tag 298939 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Mar 2005 16:34:21 -0500
Source: lesstif1-1
Binary: lesstif-bin lesstif2 lesstif-dev lesstif2-dev lesstif-doc lesstif1
Architecture: source i386 all
Version: 1:0.93.94-11.1
Distribution: unstable
Urgency: high
Maintainer: Sam Hocevar (Debian packages) <email address hidden>
Changed-By: Joey Hess <email address hidden>
Description:
 lesstif-bin - user binaries for LessTif
 lesstif-dev - development library and header files for LessTif 1.2
 lesstif-doc - documentation for LessTif
 lesstif1 - OSF/Motif 1.2 implementation released under LGPL
 lesstif2 - OSF/Motif 2.1 implementation released under LGPL
 lesstif2-dev - development library and header files for LessTif 2.1
Closes: 298939
Changes:
 lesstif1-1 (1:0.93.94-11.1) unstable; urgency=HIGH
 .
   * NMU
   * Apply fix for newest libXpm buffer overflows in lesstif1, involving a
     negative bitmap_unit value. Fixed both lesstif1 and lesstif2.
     Closes: #298939 (CAN-2005-0605)
Files:
 a422c21d24213bebb5aa6ea449f27e87 854 libs optional lesstif1-1_0.93.94-11.1.dsc
 411faaae59989c0cc06c5d5c5d1501ed 63754 libs optional lesstif1-1_0.93.94-11.1.diff.gz
 4ebc9aba7278d1f3df41a857122d2817 342808 doc optional lesstif-doc_0.93.94-11.1_all.deb
 316c7354bcda42337f552cd390fc87a0 693384 libs optional lesstif2_0.93.94-11.1_i386.deb
 46d7302f480f98059caac5e9abc9a34c 615744 libs optional lesstif1_0.93.94-11.1_i386.deb
 dea270bc7f7b3cf70f6a24b5b96c5ac9 960352 libdevel optional lesstif2-dev_0.93.94-11.1_i386.deb
 d582252380bc2c493b984522fc4bdd63 829282 libdevel optional lesstif-dev_0.93.94-11.1_i386.deb
 e789bd635bf66bf8d3a9b6f245dea6f8 164350 x11 optional lesstif-bin_0.93.94-11.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCMPcK2tp5zXiKP0wRAlZoAKC3ClOMceDJFcylaiHeovTycZCrQgCePHuf
rp1259h6+vhfnMG6uqFbuoE=
=HdVa
-----END PGP SIGNATURE-----

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (6.9 KiB)

Message-ID: <email address hidden>
Date: Fri, 11 Mar 2005 03:35:32 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

--ONvqYzh+7ST5RsLk
Content-Type: multipart/mixed; boundary="0XMZdl/q8hSSmFeD"
Content-Disposition: inline

--0XMZdl/q8hSSmFeD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

The following URL contains source and binary packages for powerpc resolving
CAN-2005-0605[1], which is described as:

  The XPM library's scan.c file may allow attackers to execute arbitrary co=
de
  by crafting a malicious XPM image file containing a negative bitmap_unit
  value that provokes a buffer overflow.

http://redwald.deadbeast.net/tmp/CAN-2005-0605/

I'm attaching a GPG-signed file, MD5SUMS.txt, that you can use to verify
the download.

This package makes two changes:

1) It applies the purported fix for CAN-2005-0605. I know of no exploit
   for this vulnerability, so I was unable to test this.
2) It fixes the regression in XPM file-writing introduced by the fix for
   CAN-2004-0914 (in -16woody5). I confirmed that saving XPM files in a
   woody environment with -16woody5 with the GIMP didn't work, and that
   upgrading to -16woody6 restored the functionality.

Please also find at the above URL:
* my package build log, xfree86_4.1.0-16woody6_powerpc.build; I built in a
  clean, up-to-date woody chroot
* xfree86_4.1.0-16woody6_qa_install_purge.typescript, a transcript of
  installing and purging these packages in a woody chroot
* xfree86_4.1.0-16woody6_qa_upgrade_downgrade.typescript, a transcript of
  upgrading these packages from -16woody5 and downgrading them back to
  -16woody5 in a woody chroot
* test-x11-packages, the shell script I used to automate the above QA tests

Please let me know if you require anything else regarding this
vulnerability.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-0605

--=20
G. Branden Robinson | Somewhere, there is a .sig so funny
Debian GNU/Linux | that reading it will cause an
<email address hidden> | aneurysm. This is not that .sig.
http://people.debian.org/~branden/ |

--0XMZdl/q8hSSmFeD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="MD5SUMS.txt"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

dc1bbb9c290e4600aadb70f16a6a5482 test-x11-packages
7eaf6c70e8487b40326858efe9a6cede lbxproxy_4.1.0-16woody6_powerpc.deb
d027aec099ddc53fa7ca9e343c68163e libdps-dev_4.1.0-16woody6_powerpc.deb
7426a90be3e1ab4521a0936c3fd97a9c libdps1-dbg_4.1.0-16woody6_powerpc.deb
2c4328c9b53c408534f5b7e664f34de7 libdps1_4.1.0-16woody6_powerpc.deb
57afc54ca1cb13c8bf2dae55bb6a31ee libxaw6-dbg_4.1.0-16woody6_powerpc.deb
d212615fe6cef3bdf1f6a1dbd43a7c99 libxaw6-dev_4.1.0-16woody6_powerpc.deb
e71a3371682dc101956a645115629c83 libxaw6_4.1.0-16woody6_powerpc.deb
ae63ca1629e7fbd108e2ecf164e03834 libxaw7-dbg_4.1.0-16woody6_powerpc.deb
e4e0b7bdb0455877fe387ff8280cc90a libxaw7-dev_4.1.0-16woody6_powerpc.deb
a4ca4226ecaf5...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 12 Mar 2005 16:44:07 +0100
From: Martin Schulze <email address hidden>
To: Branden Robinson <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: xfree86 4.1.0-16woody6 available to fix CAN-2005-0605

Branden Robinson wrote:
> The following URL contains source and binary packages for powerpc resol=
 ving
> CAN-2005-0605[1], which is described as:
>=20
> The XPM library's scan.c file may allow attackers to execute arbitrar=
 y code
> by crafting a malicious XPM image file containing a negative bitmap_u=
 nit
> value that provokes a buffer overflow.

Looks fine, pushed into the buildd network. Thanks a lot!

Regards,

 Joey

--=20
A mathematician is a machine for converting coffee into theorems. Paul =
Erd=F6s

Please always Cc to me when replying to me on the lists.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 12 Mar 2005 15:37:52 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: #298939 should not have been marked fixed by lesstif1-1 NMU

--FeAIMMcddNRN4P4/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

clone 298939 -1
retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CAN-=
2005-0605
reassign -1 lesstif1-1
# I don't actually know if it's fixed upstream yet in LessTif, but I'm
# guessing it's not.
tag -1 - fixed-upstream
# libxpm4 is not fixed until the security buildds' packages are uploaded.
tag 298939 - fixed
thanks

Hi Joey,

Did you mean to only reference #298939 in your NMU of lesstif1-1? You said
"Closes:", which marked as fixed the bug I filed against libxpm4, which is
not part of lesstif1-1 and is not yet fixed.

I am assuming your closing of #298939 is in error (since it's not
accurate), and cloning a copy of it for CAN-2005-0605's affect of
lesstif1-1.

--=20
G. Branden Robinson |
Debian GNU/Linux | If ignorance is bliss,
<email address hidden> | is omniscience hell?
http://people.debian.org/~branden/ |

--FeAIMMcddNRN4P4/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iEYEARECAAYFAkIzUx8ACgkQ6kxmHytGonxwbwCbBkm9HjpLrupp0pfZUVYRBcZ3
dXoAoI3eOuL3GbLvjQB4QBSyKvGuAKnD
=HlLc
-----END PGP SIGNATURE-----

--FeAIMMcddNRN4P4/--

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 12 Mar 2005 17:53:36 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: #298939 should not have been marked fixed by lesstif1-1 NMU

--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tag 298183 fixed
merge 298183 299236
thanks

Branden Robinson wrote:
> clone 298939 -1
> retitle -1 lesstif1-1: copy of libXpm code affected by buffer overflow CA=
 N-2005-0605
> reassign -1 lesstif1-1
> # I don't actually know if it's fixed upstream yet in LessTif, but I'm
> # guessing it's not.
> tag -1 - fixed-upstream
> # libxpm4 is not fixed until the security buildds' packages are uploaded.
> tag 298939 - fixed
> thanks
>=20
> Hi Joey,
>=20
> Did you mean to only reference #298939 in your NMU of lesstif1-1? You sa=
 id
> "Closes:", which marked as fixed the bug I filed against libxpm4, which is
> not part of lesstif1-1 and is not yet fixed.
>=20
> I am assuming your closing of #298939 is in error (since it's not
> accurate), and cloning a copy of it for CAN-2005-0605's affect of
> lesstif1-1.

Sorry, I meant to refer to bug #298183 which was already open on
lesstif1 for the same vulnerability.

--=20
see shy jo

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCM3Lvd8HHehbQuO8RAjI5AKDltf47z7A83wCP8iofuSzDXbY8agCfRa7j
Y7oGURkfv29QQqcBaNWBprI=
=GuJw
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 13 Mar 2005 01:17:38 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>
Subject: cloning another copy of #298939 for xfree86 4.3

--v541l457l4DThMFo
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

clone 298939 -1
reassign -1 libxpm4
retitle 298939 xlibs: new buffer overflow security hole (CAN-2005-0605)
reassign 298939 xlibs
# Per the bug logs, the Debian Security Team has xfree86 4.1.0-16woody6,
# which fixes this. It's also fixed in the X Strike Force Subversion
# repository for XFree86, in branches/4.1.0/woody.
tag 298939 + pending woody
thanks

--=20
G. Branden Robinson | Any man who does not realize that
Debian GNU/Linux | he is half an animal is only half a
<email address hidden> | man.
http://people.debian.org/~branden/ | -- Thornton Wilder

--v541l457l4DThMFo
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iEYEARECAAYFAkIz2wIACgkQ6kxmHytGonxj0wCfc9FQb4lgywOY1zwL23qagbBn
U04AmwXen7HYKqf9pPEpzoRYNcH4WzJ+
=0XaN
-----END PGP SIGNATURE-----

--v541l457l4DThMFo--

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 13 Mar 2005 01:56:23 -0500
From: Branden Robinson <email address hidden>
To: <email address hidden>
Subject: tagging 299272

# Automatically generated email from bts, devscripts version 2.8.10
 # fixed in Debian X Strike Force XFree86 repository; to view, run "svn diff -r 2216:2217 svn://necrotic.deadbeast.net/xfree86"
tags 299272 + pending

Revision history for this message
Daniel Stone (daniels) wrote :

fixed in both warty and hoary now

Revision history for this message
In , Branden Robinson (branden) wrote : Regarding xfree86 and CAN-2005-0609

Hi Joey,

xfree86's fix for CAN-2005-0609 has not yet been uploaded to
testing/unstable. I expect to make an upload soon, however; the packages
are currently in preparation, and you can view the current status of the
SVN trunk at:

  http://necrotic.deadbeast.net/svn/xfree86/trunk/

specifically:

  http://necrotic.deadbeast.net/svn/xfree86/trunk/debian/changelog

Please go ahead and do the advisory for woody's xfree86 once you're ready.
I've been working with vorlon regarding 4.3.0.dfsg.1-13, and there's no
reason to expect that release to not fix CAN-2005-0609.

--
G. Branden Robinson | Suffer before God and ye shall be
Debian GNU/Linux | redeemed. God loves us, so He
<email address hidden> | makes us suffer Christianity.
http://people.debian.org/~branden/ | -- Aaron Dunsmore

Revision history for this message
In , Martin Schulze (joey-infodrom) wrote :

Branden Robinson wrote:
> Hi Joey,
>
> xfree86's fix for CAN-2005-0609 has not yet been uploaded to
> testing/unstable. I expect to make an upload soon, however; the packages
> are currently in preparation, and you can view the current status of the
> SVN trunk at:
>
> http://necrotic.deadbeast.net/svn/xfree86/trunk/
>
> specifically:
>
> http://necrotic.deadbeast.net/svn/xfree86/trunk/debian/changelog
>
> Please go ahead and do the advisory for woody's xfree86 once you're ready.
> I've been working with vorlon regarding 4.3.0.dfsg.1-13, and there's no
> reason to expect that release to not fix CAN-2005-0609.

Understood. Do you want me to write that it'll be fixed in 4.3.0.dfsg.1-13
or should I write that it will be fixed soon?

Regards,

 Joey

--
If nothing changes, everything will remain the same. -- Barne's Law

Please always Cc to me when replying to me on the lists.

Revision history for this message
In , Branden Robinson (branden) wrote :

Joey,

You can write in the xfree86 DSA for CAN-2005-0609 that the sarge/sid
vulnerability will be fixed by xfree86 4.3.0.dfsg.1-13, which is currently
in preparation.

--
G. Branden Robinson | Never underestimate the power of
Debian GNU/Linux | human stupidity.
<email address hidden> | -- Robert Heinlein
http://people.debian.org/~branden/ |

Revision history for this message
In , Fabio Massimo Di Nitto (fabbione) wrote : Bug#299272: fixed in xfree86 4.3.0.dfsg.1-13
Download full text (34.3 KiB)

Source: xfree86
Source-Version: 4.3.0.dfsg.1-13

We believe that the bug you reported is fixed in the latest version of
xfree86, which is due to be installed in the Debian FTP archive:

lbxproxy_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-13_i386.deb
libdps-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-13_i386.deb
libdps1-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-13_i386.deb
libdps1_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libdps1_4.3.0.dfsg.1-13_i386.deb
libice-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libice-dev_4.3.0.dfsg.1-13_i386.deb
libice6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-13_i386.deb
libice6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libice6_4.3.0.dfsg.1-13_i386.deb
libsm-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-13_i386.deb
libsm6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-13_i386.deb
libsm6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libsm6_4.3.0.dfsg.1-13_i386.deb
libx11-6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-13_i386.deb
libx11-6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libx11-6_4.3.0.dfsg.1-13_i386.deb
libx11-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-13_i386.deb
libxaw6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-13_i386.deb
libxaw6-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-13_i386.deb
libxaw6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw6_4.3.0.dfsg.1-13_i386.deb
libxaw7-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-13_i386.deb
libxaw7-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-13_i386.deb
libxaw7_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxaw7_4.3.0.dfsg.1-13_i386.deb
libxext-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-13_i386.deb
libxext6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-13_i386.deb
libxext6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxext6_4.3.0.dfsg.1-13_i386.deb
libxft1-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-13_i386.deb
libxft1_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxft1_4.3.0.dfsg.1-13_i386.deb
libxi-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-13_i386.deb
libxi6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-13_i386.deb
libxi6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxi6_4.3.0.dfsg.1-13_i386.deb
libxmu-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-13_i386.deb
libxmu6-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-13_i386.deb
libxmu6_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxmu6_4.3.0.dfsg.1-13_i386.deb
libxmuu-dev_4.3.0.dfsg.1-13_i386.deb
  to pool/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-13_i386.deb
libxmuu1-dbg_4.3.0.dfsg.1-13_i386.deb
  to pool...

Bug Watch Updater (bug-watch-updater)
Changed in libxpm:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.