From 3dbefaec8ed5de7f6623923d33e8eb86dd42a358db174d13363dc49768ad1b87 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch Date: Tue, 3 Oct 2023 20:48:43 +0000 Subject: [PATCH] - Update to 3.5.17 * This release contains fixes for the libXpm issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (boo#1215686) * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap (boo#1215687) OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/libXpm?expand=0&rev=31 --- libXpm-3.5.16.tar.xz | 3 --- libXpm-3.5.16.tar.xz.sig | Bin 215 -> 0 bytes libXpm-3.5.17.tar.xz | 3 +++ libXpm-3.5.17.tar.xz.sig | Bin 0 -> 566 bytes libXpm.changes | 12 ++++++++++++ libXpm.spec | 2 +- 6 files changed, 16 insertions(+), 4 deletions(-) delete mode 100644 libXpm-3.5.16.tar.xz delete mode 100644 libXpm-3.5.16.tar.xz.sig create mode 100644 libXpm-3.5.17.tar.xz create mode 100644 libXpm-3.5.17.tar.xz.sig diff --git a/libXpm-3.5.16.tar.xz b/libXpm-3.5.16.tar.xz deleted file mode 100644 index 677840e..0000000 --- a/libXpm-3.5.16.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e6bc5da7a69dbd9bcc67e87c93d4904fe2f5177a0711c56e71fa2f6eff649f51 -size 469020 diff --git a/libXpm-3.5.16.tar.xz.sig b/libXpm-3.5.16.tar.xz.sig deleted file mode 100644 index 316efddf5a1c0f067d356cbb960b8dde3b6f6385dda1c5e4989963f59acde1c8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 215 zcmeCU%EBPV#ZW7z$P%|+k!4ofj-@`QrGKq?ty#h|%Wpa>Q;O}1gm{q#1|ZO5(8w$< zE=?`cO)DsJ$jdKDEXmBzE7r>|NX;uqFVIWNOe@LA$S*2R%}vbH%S$aWb#-(zGBhx; zbhI#YvT!stadvhxbaHcabar(zvNSg_aJFV{0u_`&)Nr{Np-4pU1tMZ|9(-oJ=Lv3;tfceG{AR2BwjW?r$dc<=5Qa3 zX}8-~8UP+=9c}ldTLC+nrhY0wrQTHv?xchej7O5ra7}b#VuiqtRqXnP*Op@HcGgSIl1_Q?qyI~)DE*6O#5O7U1I4#?48vZ*$NWiIzlMd|7*jG?j+qin(< z;-dK@SZ5yr6KsUAy~E{$%3j(mIAbsI5WSR(HuYQL!SE{;AS~n!^gXYescQ|i5+623 zSfIV_|Ey@jNJ)}(X#vLT0#cui7jzHSG}qg=$hFlxI1gBcT{RoR1RJhnnvwd!rKl;l zCpe@7{(J4_2T`x=1WB|+!n=)R7EtMcg~dh0mlYKJN%_^ee!1)6y|BF}Us)w@lmC`k z4-NjON{P2baG9X(gPQRFSB&g2kqL^YiL3oMI9|>wG9a!|%qN3saDtAUjg@6u3{{?A z?ZG3Rynqvx-6qLnfdMTthUVy?J}P!&?CVXNB5yfc!<)?@;47$^vN2F>Z3ZT|UJSuB z>WA7(t%E}dCQDrR2_`{BTFZ~5iMiCuN(Rfu_HUFZwRv~!1y29At5dmzQ*I)G8Q7Jt zzt~Cano7eL*X3%$1n5tlhOBX$z EaXJ1D{Qv*} literal 0 HcmV?d00001 diff --git a/libXpm.changes b/libXpm.changes index 3a3f4d6..40776a9 100644 --- a/libXpm.changes +++ b/libXpm.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Oct 3 20:43:14 UTC 2023 - Stefan Dirsch + +- Update to 3.5.17 + * This release contains fixes for the libXpm issues reported in + security advisory here: + https://lists.x.org/archives/xorg-announce/2023-October/003424.html + * fixes CVE-2023-43788 libXpm: out of bounds read in + XpmCreateXpmImageFromBuffer() (boo#1215686) + * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with + corrupted colormap (boo#1215687) + ------------------------------------------------------------------- Tue Apr 18 11:28:16 UTC 2023 - Stefan Dirsch diff --git a/libXpm.spec b/libXpm.spec index 4c4d4c9..822202d 100644 --- a/libXpm.spec +++ b/libXpm.spec @@ -18,7 +18,7 @@ %define lname libXpm4 Name: libXpm -Version: 3.5.16 +Version: 3.5.17 Release: 0 Summary: X Pixmap image file format library License: MIT