Installed xfree86v3 3.3.6-31 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.6
Date: Wed, 7 Feb 2001 18:26:18 -0500
Source: xfree86v3
Binary: xserver-svga xserver-p9000 xserver-mach8 xlib6 xserver-8514 xext xserver-s3 xserver-mach32 xlib6-altdev xserver-common-v3 xserver-agx
Architecture: source i386
Version: 3.3.6-31
Distribution: unstable
Urgency: high
Maintainer: Branden Robinson <branden@debian.org>
Description:
xext - extensions to XFree86 3.x servers
xlib6 - shared libraries required by libc5 X clients
xlib6-altdev - include files and libraries for libc5 X client development
xserver-8514 - X server for ATI 8514/A-based graphics cards
xserver-agx - X server for IBM XGA and IIT AGX-based graphics cards
xserver-common-v3 - files and utilities common to XFree86 3.x X servers
xserver-mach32 - X server for ATI Mach32-based graphics cards
xserver-mach8 - X server for ATI Mach8-based graphics cards
xserver-p9000 - X server for Weitek P9000-based graphics cards
xserver-s3 - X server for S3 chipset-based graphics cards
xserver-svga - X server for SVGA graphics cards
Changes:
xfree86v3 (3.3.6-31) unstable; urgency=HIGH
.
* upstream fix #09: security issues
- fix for XC-SECURITY denial-of-service attack
- fix for potential stack smash in Xlib's _XAsyncReply()
- fix for insecure tempfile handling in Xaw's AsciiSrc and MultiSrc
widgets
- fix for insecure tempfile handling in imake's glibc detection
- fix for insecure tempfile handling in imake's manpage install rules
* patch #052: Xlib's OpenDis.c file from XFree86 4.0.2, which addresses
several security issues caused by bogus protocol replies from rogue X
servers:
- fix for denial-of-service attack caused by a resource mask of zero
- fix for potential stack smash caused by oversized vendor string length
- fix for potential stack smash caused by nonsensical setup length
- fix for potential stack smash caused by deceptive number of items in
reply
Note that Debian already had patches to fix the above 4 problems (since
3.3.6-11potato15 and 3.3.6-15).
* patch #065: removed; obsoleted by new patch #052
* debian/xserver/config:
- change occurences of "xserver-xfree86" in template names to
"shared/xfree86v3", D'OH! (thanks, Jeff Licquia)
- major workaround for debconf 0.3.83's shared template handling
(thanks, Jeff Licquia)
- add readlink() function, and ask question about clobbering the
symlink to the default X server
* debian/xserver/postinst:
- only change X server symlink if the default X server was not
autoselected by debconf itself, in the case where the shared template
has only one value (thanks, Jeff Licquia)
- if the /etc/X11/X symlink points to the X server wrapper, remove the
symlink, since this would cause an infinite loop
- tell people when we write the X server config file
Files:
ce1aab0d0914d64735e6fe0a0b378219 797 x11 optional xfree86v3_3.3.6-31.dsc
ee4e1ccdac16291011a3a152c17b9039 697401 x11 optional xfree86v3_3.3.6-31.diff.gz
1642392c9a3e4321612c100d22535ca3 795798 oldlibs optional xlib6_3.3.6-31_i386.deb
a89dc61134d05b761d7543b68101a75a 1317004 oldlibs optional xlib6-altdev_3.3.6-31_i386.deb
59eb745ad8a4c5f1e26c0aeea0a5b68f 480114 x11 optional xext_3.3.6-31_i386.deb
02c3356a43b98d63a6c0dde9f3204d57 321580 x11 optional xserver-common-v3_3.3.6-31_i386.deb
2045ed7ab29ba06c3b16ec879c27a9b1 747692 x11 optional xserver-8514_3.3.6-31_i386.deb
0fe89bed4eeb52e6a7b94110d89787f0 822290 x11 optional xserver-agx_3.3.6-31_i386.deb
c4293b3444d3a14b85f88fd4eaceed2d 809566 x11 optional xserver-mach32_3.3.6-31_i386.deb
7e5da5f7a3b1d66fa5f16f778bc0d978 751508 x11 optional xserver-mach8_3.3.6-31_i386.deb
2be63f621a7a51590b9742de770f99f5 830530 x11 optional xserver-p9000_3.3.6-31_i386.deb
71bbe9b4f3bd33815a895a83d4ef4776 1013740 x11 optional xserver-s3_3.3.6-31_i386.deb
e9a18266e9e936bc2fb04c33ac5aad49 1344194 x11 optional xserver-svga_3.3.6-31_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjqC52AACgkQ6kxmHytGonwwHQCeJrJDxsIvCsRirYwkj77IC5y/
KeUAn3H3ueuLKyQ5xPxMUl4jwcGFJz/P
=qZYN
-----END PGP SIGNATURE-----
Installed:
xserver-svga_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-svga_3.3.6-31_i386.deb
xserver-agx_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-agx_3.3.6-31_i386.deb
xserver-mach32_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-mach32_3.3.6-31_i386.deb
xlib6-altdev_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xlib6-altdev_3.3.6-31_i386.deb
xlib6_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xlib6_3.3.6-31_i386.deb
xserver-s3_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-s3_3.3.6-31_i386.deb
xfree86v3_3.3.6-31.dsc
to pool/main/x/xfree86v3/xfree86v3_3.3.6-31.dsc
xserver-p9000_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-p9000_3.3.6-31_i386.deb
xext_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xext_3.3.6-31_i386.deb
xserver-common-v3_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-common-v3_3.3.6-31_i386.deb
xserver-mach8_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-mach8_3.3.6-31_i386.deb
xfree86v3_3.3.6-31.diff.gz
to pool/main/x/xfree86v3/xfree86v3_3.3.6-31.diff.gz
xserver-8514_3.3.6-31_i386.deb
to pool/main/x/xfree86v3/xserver-8514_3.3.6-31_i386.deb
Reply to: