-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 14:46:37 +0200
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: armel
Version: 2:21.1.7-3+deb12u10
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * render: Avoid 0 or less animated cursors (CVE-2025-49175)
   * os: Do not overflow the integer size with BigRequest (CVE-2025-49176)
   * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177)
   * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178)
   * record: Check for overflow in RecordSanityCheckRegisterClients()
     (CVE-2025-49179)
   * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180)
   * xfree86: Check for RandR provider functions (CVE-2025-49180)
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)
Checksums-Sha1:
 d9eff4fffbf3c89776255f4af64c99f2c3dfed48 2625580 xnest-dbgsym_21.1.7-3+deb12u10_armel.deb
 3646d96b3a1592abecfef7b10d9eed36a182b7af 2899848 xnest_21.1.7-3+deb12u10_armel.deb
 db8889c433991ef2454c01ce2cabe92b82677a9e 14839 xorg-server_21.1.7-3+deb12u10_armel-buildd.buildinfo
 6d7c9bd60f812d024933fde966d1df9acc41ebd6 3856056 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_armel.deb
 a5e10d471b3337bca6194aa70c0a6f5be46a863b 3123528 xserver-xephyr_21.1.7-3+deb12u10_armel.deb
 b459a38e7d01edeb83a2dd0df5655d6ece507197 5627752 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_armel.deb
 2d4e261d837d0d39abe885d431da42db387b6cca 800060 xserver-xorg-core-udeb_21.1.7-3+deb12u10_armel.udeb
 f7d66eba9d675af416ad2211378063f5b768b057 3468176 xserver-xorg-core_21.1.7-3+deb12u10_armel.deb
 f0f9b0a21184364474dce6cc0489d8702a9d98d6 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_armel.deb
 ee332b74bc5429eadcdfe9266f3c3caae6b889eb 9376 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_armel.deb
 6d3e9d5d6df5601d299ecb7c3824ff0f8aa98837 2388576 xserver-xorg-legacy_21.1.7-3+deb12u10_armel.deb
 67c59f30affb18616ccbcc060da359d83b940fbb 3189060 xvfb-dbgsym_21.1.7-3+deb12u10_armel.deb
 4612d37c76e0f3c1631a748e9ce9cd5d70826b54 3009464 xvfb_21.1.7-3+deb12u10_armel.deb
Checksums-Sha256:
 3a6654aa6b635050d8c195ccbd118bdebf4917e610f11161afa9aad50aad4580 2625580 xnest-dbgsym_21.1.7-3+deb12u10_armel.deb
 4cc39190fe7fe0c3f5dc5aeaf6883964eaa8db8a60b171d6cb8bfcaa1a348326 2899848 xnest_21.1.7-3+deb12u10_armel.deb
 e0e391cff77e29efc25d410ba6cd0cbb1cb40605fcd4d804eec8ceb3274ec650 14839 xorg-server_21.1.7-3+deb12u10_armel-buildd.buildinfo
 c3c04973837072112d31983bcf6cd69aa67bc16a6ee6bacdda93a5a4f0565ce2 3856056 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_armel.deb
 1a883a8b9c718465a2ad95a50b7124de94bbc17e26a556557f8e7383e08d2a3b 3123528 xserver-xephyr_21.1.7-3+deb12u10_armel.deb
 60b865bd9565fc894023b9eb89212d0ef519ee6074b777de8e3ce63884d67d53 5627752 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_armel.deb
 bbe050f567750ea75c92a26a18a984789eecc84683b031ad9c3d78b68ecd9775 800060 xserver-xorg-core-udeb_21.1.7-3+deb12u10_armel.udeb
 da20f8f48ae4bce389f91266003bc2b20d3c77034654e9bdd9ee9ab7dfdf4404 3468176 xserver-xorg-core_21.1.7-3+deb12u10_armel.deb
 c3aecfe057beba8fe970626ebe4d962e6ea8d90b70f99a1ca0e7aab1d7206726 2554680 xserver-xorg-dev_21.1.7-3+deb12u10_armel.deb
 4f7fbd44ed38aab76fc2ce426755051bf9cfc7ab3acb023a6232ffd057ed3c62 9376 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_armel.deb
 f58052bea2c7d39b4ac0d63741ce772839a9be8b9881c92b81edab800f10d63a 2388576 xserver-xorg-legacy_21.1.7-3+deb12u10_armel.deb
 c5446a4ebc3f06a97d338d97384e6df2cb967641658be75ae274489c458cc2b6 3189060 xvfb-dbgsym_21.1.7-3+deb12u10_armel.deb
 7efb9afff502f1395738b284f2cdf795396afd0261e6b7ebf33041de7965fd9a 3009464 xvfb_21.1.7-3+deb12u10_armel.deb
Files:
 4e8f4177ad036e512674569e008f0458 2625580 debug optional xnest-dbgsym_21.1.7-3+deb12u10_armel.deb
 8e7070d2545930ca667e37b8aea42721 2899848 x11 optional xnest_21.1.7-3+deb12u10_armel.deb
 de10093268f24a1eb0df6319e7e5b294 14839 x11 optional xorg-server_21.1.7-3+deb12u10_armel-buildd.buildinfo
 29f934974f3f7b2008b14eedd025219a 3856056 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u10_armel.deb
 c48e57d5a1377631234ba758a5088cb0 3123528 x11 optional xserver-xephyr_21.1.7-3+deb12u10_armel.deb
 71e99cddccad8f0bcd7193dce10eecdd 5627752 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_armel.deb
 af059ffc67e6daca7a0a3c4855bf4c64 800060 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u10_armel.udeb
 329bc1181a9a622c1d6f36c70a6c2a62 3468176 x11 optional xserver-xorg-core_21.1.7-3+deb12u10_armel.deb
 9201ab0a31d8c2269e776adb10c56741 2554680 x11 optional xserver-xorg-dev_21.1.7-3+deb12u10_armel.deb
 7721114eff6880733f888dd7e6812d9a 9376 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_armel.deb
 0e341d2d4aa39806e980335b279a07c7 2388576 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u10_armel.deb
 11dcfe073dd881b6219cfc7bcbdcaca4 3189060 debug optional xvfb-dbgsym_21.1.7-3+deb12u10_armel.deb
 5e571c5bfb4f099e4853460f321a23fe 3009464 x11 optional xvfb_21.1.7-3+deb12u10_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmhVeFgACgkQlST9Us03
ywvFeA/+P7bba+KNhxmJj/f/vhLS1XPtHjt3Km7GdJGv6Id/4VdFdNEEXloiZGHk
BDlC/kmShHL3YWVJAlSjvWIzkt/IUyJLTjTlTypIMgznH3JCQMbFlzcyFr8eVxcB
2PwZknL2tAXa1n895XtDsvPZHDSHV80Q50l90xmfPo04TbxoHNOUKqel0B281siE
zB9NCNo3PgDtmwOJnLJ47oaTVrwS1A/BvCX/K3knM4wPwoc4yxC2T2BXN+aUDzQI
tbfSfWYZsRbmrfpdNdgn8Yofuyjfzvrt1wh4lRYSxr5jU5Hx6Yy30RDHsRRwgCdD
D4EMeO4dyO3HVW4KY7x+K+ov0TWxs+TGgEEMeNghqH31s6hYm7C6dFcKqD5byMIJ
J6HVcfu6/55G5xxZheTRVapoIUxFZxtT3+v23mbT/r2AwqUVAxvcM4QksGNO18Qo
AjofAhGQcVQg84QwwCVxsE1IdpFE85bvrNpUE/rEYxoiqJ0HJ0q6/AmZCN5I1XAo
XSL2+R+LACMIAZEaNS+HRHo1SlBMXqiqqbAd7b4FuTMIDolfy4lmqxDR6DkWzVL1
rZB1+pILpWIjtALAvF6XHChrSDDeAFtSCYF6NWWBq0b/XAe4pqU8/mZngNsJRvCX
TaRPxRPWVAVN/lj+5Y5FQ5y1wztEgJdcGNsVLGllFw7eUyQuXjQ=
=mdNH
-----END PGP SIGNATURE-----