-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 14:46:37 +0200
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: arm64
Version: 2:21.1.7-3+deb12u10
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * render: Avoid 0 or less animated cursors (CVE-2025-49175)
   * os: Do not overflow the integer size with BigRequest (CVE-2025-49176)
   * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177)
   * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178)
   * record: Check for overflow in RecordSanityCheckRegisterClients()
     (CVE-2025-49179)
   * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180)
   * xfree86: Check for RandR provider functions (CVE-2025-49180)
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)
Checksums-Sha1:
 c20b05adeef8a2f4b691153ad6277a996952a950 2643568 xnest-dbgsym_21.1.7-3+deb12u10_arm64.deb
 3d2e5cdc1e7b956d758f1e5770f56e581dff91ea 2962464 xnest_21.1.7-3+deb12u10_arm64.deb
 20aaeb3652ce5f0b2e821b980eb8c68e8bcd838d 14966 xorg-server_21.1.7-3+deb12u10_arm64-buildd.buildinfo
 02df6a44bd20a8f72ca98a08e16b6f2a2282cbc2 3880940 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_arm64.deb
 8e599eea2740b2d283e006cc28b2eff85fb0178e 3205132 xserver-xephyr_21.1.7-3+deb12u10_arm64.deb
 b03941917838f5745624678101f7cd293e19b427 5717780 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_arm64.deb
 f6fa2f60f5e47d5839f4e781e444be44b986057e 882984 xserver-xorg-core-udeb_21.1.7-3+deb12u10_arm64.udeb
 abdddf885c6aa632b63e391bed46e89ffb95d80c 3590948 xserver-xorg-core_21.1.7-3+deb12u10_arm64.deb
 4cd73f5fb482d096f2da9a93ad34608d4d7cd65b 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_arm64.deb
 2cee9d05ab6d9debfc117895581b91c6f19853f4 9464 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_arm64.deb
 939cd105ccbc3a2830848070c41e8be2c5c94559 2388676 xserver-xorg-legacy_21.1.7-3+deb12u10_arm64.deb
 35debb0ca96f29cf1a230614575499bbc92dedb1 3206484 xvfb-dbgsym_21.1.7-3+deb12u10_arm64.deb
 1ab0bee754a8e7ab495c9f6c373841acee4890a0 3082968 xvfb_21.1.7-3+deb12u10_arm64.deb
Checksums-Sha256:
 022a9ae01dd0c4fde70769fb66454690b9cf17686ad35fdb83245c3401a82491 2643568 xnest-dbgsym_21.1.7-3+deb12u10_arm64.deb
 0af64879abe85f198e92f41b385d822df67c21636ba85bf0da87f5f35424f2bd 2962464 xnest_21.1.7-3+deb12u10_arm64.deb
 ff3ee210fb5f29b168731374512466afed05633b7d42defd636aebdc94c7ed9b 14966 xorg-server_21.1.7-3+deb12u10_arm64-buildd.buildinfo
 92603c902dbb032322040fdaabebde01992cdd5033420e3f1c5cb0c3f9f2c0a1 3880940 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_arm64.deb
 045c3d95c27f032445142c2b5f441d0f26b7bf36b84ce4ba4d19d21aa61c8890 3205132 xserver-xephyr_21.1.7-3+deb12u10_arm64.deb
 ddec1471d50432c3ef0cdcfcf607f99401cb63724d9309fc033172e7ad725f0b 5717780 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_arm64.deb
 73d010ee9a3ede898e504fd6b0e198f90a3580e2f337aacf9ddc3f42c84ee41d 882984 xserver-xorg-core-udeb_21.1.7-3+deb12u10_arm64.udeb
 9a919d6f305570613080052b21f901883e3e247e7e111f1366fa6f39a1262838 3590948 xserver-xorg-core_21.1.7-3+deb12u10_arm64.deb
 8c9dbeceb163a74d167c4c7c3712e0afe8a2b3e08a52b854124dadb40c8d218d 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_arm64.deb
 b9b2734101b6442002744356229c182d7202e1f5dbd2276cdffde5c9552e445f 9464 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_arm64.deb
 615af6263ad5eca4741d79509cebda0a035585b4a073664416e23b37f3f788ff 2388676 xserver-xorg-legacy_21.1.7-3+deb12u10_arm64.deb
 5f6b773edf3503a829b61f011161310e051284bcda1bbb9072187483ce86adc4 3206484 xvfb-dbgsym_21.1.7-3+deb12u10_arm64.deb
 b947fb01586b6c334c1cece355ca3694c75fd328605b74b8bac75d8ebafe9695 3082968 xvfb_21.1.7-3+deb12u10_arm64.deb
Files:
 1ea25e9e931fef32f3b81321961e01d6 2643568 debug optional xnest-dbgsym_21.1.7-3+deb12u10_arm64.deb
 99f4cf83eca7c0d33f2f93bf714a40eb 2962464 x11 optional xnest_21.1.7-3+deb12u10_arm64.deb
 1a8826443dbad80b8f689828a39f1c34 14966 x11 optional xorg-server_21.1.7-3+deb12u10_arm64-buildd.buildinfo
 22b0dcfb396194b1dae1ceae140c3686 3880940 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u10_arm64.deb
 967e8734ba8c51bf2254c03cf234d8d2 3205132 x11 optional xserver-xephyr_21.1.7-3+deb12u10_arm64.deb
 fbaa4f0940efb20c59972da411b298a1 5717780 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_arm64.deb
 e3193fbb4b8bcf4aee22395dd773e4c3 882984 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u10_arm64.udeb
 5a73715fe7cc8b39396919306ef4967f 3590948 x11 optional xserver-xorg-core_21.1.7-3+deb12u10_arm64.deb
 e58c6eca2e7581f8894c822de3f79330 2554680 x11 optional xserver-xorg-dev_21.1.7-3+deb12u10_arm64.deb
 7aa3a49f509a81ef37f8533c0adbc0dc 9464 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_arm64.deb
 fc0e8feea01fd28c8ea55a6ec52deb28 2388676 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u10_arm64.deb
 fe5c25e54e8eca026bcf6607f9ff7333 3206484 debug optional xvfb-dbgsym_21.1.7-3+deb12u10_arm64.deb
 4a22c8ad6d2a2abee8b47bdb167899e7 3082968 x11 optional xvfb_21.1.7-3+deb12u10_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmhVewMACgkQCr/D/stJ
kDwo6w/9E/NsOmudyoYIWheuYL1rl59sLisUei8+3Jd1YqgI1I7sHjfKJJPIuHCr
rvq64wBnYJiXk2uXgm7tU/QlyRMjt+ejoJ38jnyJDvdmo0GxJOfjyi5BknjJGBCZ
KX5Ayca4CrwlIaC7j/h1oqP9X0y6OWC2aAe6ixTu0JUVLnbA/z/4pAwR0ImWa/ld
KMcuycgNXGlX7OCQ8v8Fq0McLkFdB0KGduD526YEmjNugO79pTlEkS+rCs+wmSMK
NBfqUdg5/EmqhLcktFX0cAnS2YkFsQVBu1t02bxmniJtnWPMNbeudAPvzvX7JSjR
8FdXoapwkBgMcpcIxn0kMhfgTy393caA7OYBdGRa0cWUM7Nf0J0vTZi6wWo3CB2b
NyHmvNZoHpYslnaazrX2t8J5nUsFPTCcv4plJysM8mfQFlYkYOFSg8EcIv3GX9on
0faRv+T4i2kerrVwF8H/niqyIY+WL3/AOjtTjcvANrUjJRTHY3v3Nl5vz79lTYpY
US/VupQmtWbHo8/3RwTrPboTRrB/njt26hNgcKyop+ablNKogN46Dn8qCpa/kCD9
qZgpU//Puyj0U9hAjBzDLAz/h1IuR50E5QmIQU3s1GMl2MS1w5u/nLkPM+eD7iUa
mpdRdqcWaeIujSfVbIIDioLS0ySBhvAUg5Nv34NgQd+jlI9ZK0Y=
=2Jka
-----END PGP SIGNATURE-----