diff --git a/libXpm-3.5.16.tar.xz b/libXpm-3.5.16.tar.xz deleted file mode 100644 index 677840e..0000000 --- a/libXpm-3.5.16.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e6bc5da7a69dbd9bcc67e87c93d4904fe2f5177a0711c56e71fa2f6eff649f51 -size 469020 diff --git a/libXpm-3.5.16.tar.xz.sig b/libXpm-3.5.16.tar.xz.sig deleted file mode 100644 index 316efdd..0000000 Binary files a/libXpm-3.5.16.tar.xz.sig and /dev/null differ diff --git a/libXpm-3.5.17.tar.xz b/libXpm-3.5.17.tar.xz new file mode 100644 index 0000000..576a260 --- /dev/null +++ b/libXpm-3.5.17.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:64b31f81019e7d388c822b0b28af8d51c4622b83f1f0cb6fa3fc95e271226e43 +size 468964 diff --git a/libXpm-3.5.17.tar.xz.sig b/libXpm-3.5.17.tar.xz.sig new file mode 100644 index 0000000..d0443dd Binary files /dev/null and b/libXpm-3.5.17.tar.xz.sig differ diff --git a/libXpm.changes b/libXpm.changes index 3a3f4d6..40776a9 100644 --- a/libXpm.changes +++ b/libXpm.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Oct 3 20:43:14 UTC 2023 - Stefan Dirsch + +- Update to 3.5.17 + * This release contains fixes for the libXpm issues reported in + security advisory here: + https://lists.x.org/archives/xorg-announce/2023-October/003424.html + * fixes CVE-2023-43788 libXpm: out of bounds read in + XpmCreateXpmImageFromBuffer() (boo#1215686) + * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with + corrupted colormap (boo#1215687) + ------------------------------------------------------------------- Tue Apr 18 11:28:16 UTC 2023 - Stefan Dirsch diff --git a/libXpm.spec b/libXpm.spec index 4c4d4c9..822202d 100644 --- a/libXpm.spec +++ b/libXpm.spec @@ -18,7 +18,7 @@ %define lname libXpm4 Name: libXpm -Version: 3.5.16 +Version: 3.5.17 Release: 0 Summary: X Pixmap image file format library License: MIT