-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 14:46:37 +0200
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: amd64
Version: 2:21.1.7-3+deb12u10
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * render: Avoid 0 or less animated cursors (CVE-2025-49175)
   * os: Do not overflow the integer size with BigRequest (CVE-2025-49176)
   * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177)
   * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178)
   * record: Check for overflow in RecordSanityCheckRegisterClients()
     (CVE-2025-49179)
   * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180)
   * xfree86: Check for RandR provider functions (CVE-2025-49180)
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)
Checksums-Sha1:
 36826fec11b68f287aa76bb009764846178f6aec 2682372 xnest-dbgsym_21.1.7-3+deb12u10_amd64.deb
 164bd57ce06a94e95766bc06eb7bcd692edc4f0b 3013876 xnest_21.1.7-3+deb12u10_amd64.deb
 63080e8b6e8c9c5125433a299601f213525dca97 14895 xorg-server_21.1.7-3+deb12u10_amd64-buildd.buildinfo
 2e8daf09ad930fe9270ee69c1a857d6798980be8 3958376 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_amd64.deb
 4db0d022715e5901b89b06f6ec1c796938d144b1 3293704 xserver-xephyr_21.1.7-3+deb12u10_amd64.deb
 a4e1a83731f04b77f4020b720f132c396e69213f 5801096 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_amd64.deb
 2861cf45ed6a82abc2d3fa66e8312ac54ea75b0a 974480 xserver-xorg-core-udeb_21.1.7-3+deb12u10_amd64.udeb
 eaa21341b951a8205900e7a5b87b67ade389f59b 3720848 xserver-xorg-core_21.1.7-3+deb12u10_amd64.deb
 cec01452049223b53b963b5cf10ed2dd75b44f73 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_amd64.deb
 46ddda59984994fe71417b3313284296ff87df56 8892 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_amd64.deb
 abd5fe73aa59db71658129d2c5f21d03044337fc 2388756 xserver-xorg-legacy_21.1.7-3+deb12u10_amd64.deb
 3e614c7e52b9feceff2aafe79b96645426de1641 3272752 xvfb-dbgsym_21.1.7-3+deb12u10_amd64.deb
 e4c8108a09da77a345574b99a848162469361e32 3152292 xvfb_21.1.7-3+deb12u10_amd64.deb
Checksums-Sha256:
 517ef35ad0c3762b7e648aa985d9547dda0fe0d070ecf7ba1efc875ffb3d15db 2682372 xnest-dbgsym_21.1.7-3+deb12u10_amd64.deb
 264afbbc6fb2eaf28510a2cae04c54153ea6c0f1c4aa0adae70545828ba09e14 3013876 xnest_21.1.7-3+deb12u10_amd64.deb
 5486f1c58843a297557a32a8e561b274d09a5a97e17794fa9161d97fb65c2f72 14895 xorg-server_21.1.7-3+deb12u10_amd64-buildd.buildinfo
 ea13bf41968146bfc11e685ba09df8d933c6e4dcbc1e18501cbac38e66474881 3958376 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_amd64.deb
 312f04b9179baea78c108c777e53dd8f4d1946fe649eb68cc67d10a3c4bc923d 3293704 xserver-xephyr_21.1.7-3+deb12u10_amd64.deb
 b16a789195a25f2d1b93e1eb3c441455bf99eefff45f33d1efe2d41395f8a127 5801096 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_amd64.deb
 85385b2964682c0bbe483776a2c0384997b6e8b14f0912bac7c384d736e15466 974480 xserver-xorg-core-udeb_21.1.7-3+deb12u10_amd64.udeb
 23f4a12703d448b7d1f5d208eeb5e5d8e62cd4a99ab9ddae9cdce92ac772f643 3720848 xserver-xorg-core_21.1.7-3+deb12u10_amd64.deb
 0176b19e47dc4c5f0d21ffa7454e411952e1b81d1594ca90964736da1c4f53cc 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_amd64.deb
 ba11d0bc023e17bfe64f428a45a18a8b332d7aae001cbc36d496d79d10edc8d0 8892 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_amd64.deb
 359d55197a99234c5b594a5eda5e5be0d5c0b873954b6156f9ab343f37ce739e 2388756 xserver-xorg-legacy_21.1.7-3+deb12u10_amd64.deb
 90efa275d0e4cc63a0134ea24cf45e17b0e49e7380b450a3f684f11c50979dd7 3272752 xvfb-dbgsym_21.1.7-3+deb12u10_amd64.deb
 248d49b90636158232d629acf8bb04f83327462a594b2def11bb974853e998c1 3152292 xvfb_21.1.7-3+deb12u10_amd64.deb
Files:
 c13db113ff400425fee22d52f2a1ba81 2682372 debug optional xnest-dbgsym_21.1.7-3+deb12u10_amd64.deb
 f8db0df71e961a961e2806a57433e05f 3013876 x11 optional xnest_21.1.7-3+deb12u10_amd64.deb
 64e60bb3825c9fac19b2da36d87e5f8f 14895 x11 optional xorg-server_21.1.7-3+deb12u10_amd64-buildd.buildinfo
 3ec0029696b9d63ebbaf02aa9bac9c26 3958376 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u10_amd64.deb
 7d6f4d9a0fa1741a0de290dc58b0de4c 3293704 x11 optional xserver-xephyr_21.1.7-3+deb12u10_amd64.deb
 7b9c8074842a4fe2df3eaa8657d201d3 5801096 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_amd64.deb
 9e6a379f57a2f02dec6835861632732d 974480 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u10_amd64.udeb
 013d2bed1e6c0a4b6aea57627a265c69 3720848 x11 optional xserver-xorg-core_21.1.7-3+deb12u10_amd64.deb
 3cd4e14616c58b336b764764d945a4c4 2554680 x11 optional xserver-xorg-dev_21.1.7-3+deb12u10_amd64.deb
 1041637a1a98392ba20955d2f1d8dd52 8892 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_amd64.deb
 420942c1458fc9e64b2f3cb2554cf9d3 2388756 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u10_amd64.deb
 7c3fc36864734817d681d46613877fa8 3272752 debug optional xvfb-dbgsym_21.1.7-3+deb12u10_amd64.deb
 723990a566a7bf1a0466442d257d8a12 3152292 x11 optional xvfb_21.1.7-3+deb12u10_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmhVd94ACgkQEbCLukZn
24oHFQ//VYC6DVceD7iwfYvaRCOEI5Mp6JCYZUfWegDnCldu1YjK1Vc20wDeeJLm
gQqn8/gBI78iaUzHpYEsqU2VUEirAHjX+7K3wpw4OZxFMkKNF+Ww+4AB+TkKVtNe
8j0R0/M1oFUM1+2KZIMaTCxVg1zPbCtZx+zp24f/4NBVXDtboehQTVlHtDtBoJvO
hDdAhBmeFhYhcf+bePs3BknfBeBxruvEmwd/KcP3dqLy4b0DTxCZavrmorOOeE9Q
/15MYrq7tbQfsO4RxzUNgY9rCOWNy6eiSdsuixvCqGLnMDsfMBTqAaP5rpC/K3hp
93crWscro6d5OJL9UZUZ3iWwkZy+KewlHMAPSOs3bUHcE3avGdybaymRP7yn98gL
lLMvpS1PHbhrilkNaWQcej6EwshHj+Y6z3/CpirqkLVNvbSK/iuUJ7Fi8N03gzrr
1h1WSRFVA5dkCXz1zi+iR8a6xweYzgSw5kgGmCrtui+xNC2AMSINLA+n94HY5PSf
vS6oEMJDpca2mzt5cm60UODjGacQl0k3x6RjWHkG8FczU9iJ5Jvvr/YE1VMlazeH
M1Cxu0ZO7GRWodwayRLwBLD12xiweHWYYvY5HJZOmEeAOJiPKBzvCIZ6vuUbwTbn
oaExVllDdtxkzDN5BkKIFQ5+2gYzmtE93607T5XfaZqPTlNYvpw=
=PjWc
-----END PGP SIGNATURE-----