-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Jun 2025 14:46:37 +0200
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: i386
Version: 2:21.1.7-3+deb12u10
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * render: Avoid 0 or less animated cursors (CVE-2025-49175)
   * os: Do not overflow the integer size with BigRequest (CVE-2025-49176)
   * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177)
   * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178)
   * record: Check for overflow in RecordSanityCheckRegisterClients()
     (CVE-2025-49179)
   * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180)
   * xfree86: Check for RandR provider functions (CVE-2025-49180)
   * os: Check for integer overflow on BigRequest length (CVE-2025-49176)
Checksums-Sha1:
 cb2f9bdf70ebb6f92052a434876266d79a9e5c0a 2436040 xnest-dbgsym_21.1.7-3+deb12u10_i386.deb
 678072e47df1a5003fd9a89ed9767688fc7eefc3 3060016 xnest_21.1.7-3+deb12u10_i386.deb
 000808fff239ea37167dba0b272da9e0b31f4c59 14808 xorg-server_21.1.7-3+deb12u10_i386-buildd.buildinfo
 c82ed1180433c420fa8fbeefeefba1ef49b287db 3576124 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_i386.deb
 109d6e4e729d0542944fdeb6479dd8f8df42fa26 3351564 xserver-xephyr_21.1.7-3+deb12u10_i386.deb
 ef2ca5321a9fcb4361448559bdb1035330bb109d 5304256 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_i386.deb
 bc0c6d20d5b286d81ac39abf184f75de6a8c8f2b 1012588 xserver-xorg-core-udeb_21.1.7-3+deb12u10_i386.udeb
 c388146938a0455dcf8bc879a6b87df7bd2275a4 3784908 xserver-xorg-core_21.1.7-3+deb12u10_i386.deb
 d92cff1fca3ef2c43561763b03b56a7d844ef86d 2554672 xserver-xorg-dev_21.1.7-3+deb12u10_i386.deb
 1e2480382c31d5a2ba03230c2899a400e009af67 8608 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_i386.deb
 875a4d29a3b7d15d486b56053d5c9f7b5d5e0017 2388708 xserver-xorg-legacy_21.1.7-3+deb12u10_i386.deb
 a7ca155e65c2134562ddd8d1115281f7a7019b8a 2964504 xvfb-dbgsym_21.1.7-3+deb12u10_i386.deb
 48607f7cb4f3894c49b7b86d661957e3a4283735 3204880 xvfb_21.1.7-3+deb12u10_i386.deb
Checksums-Sha256:
 9499fe6370b18870aa38d149e28f186fe7a461ab42111dbfe9019028a2cee401 2436040 xnest-dbgsym_21.1.7-3+deb12u10_i386.deb
 25c8f896e1cc511f37d4e8a236387d79971ff4991f7033ff752d32b1ce10350a 3060016 xnest_21.1.7-3+deb12u10_i386.deb
 0a699da9be1829368aa20a429c540557b051b5683c2f0fe9781beabcb042e2a7 14808 xorg-server_21.1.7-3+deb12u10_i386-buildd.buildinfo
 ef0b739828ac46be901577cf841d9271ac8108443efd50a9f17e5a2fa122ee50 3576124 xserver-xephyr-dbgsym_21.1.7-3+deb12u10_i386.deb
 3faba5ea9ba72025282ed321b6012b8f94cc2e741af8b29b2212b3d723208acd 3351564 xserver-xephyr_21.1.7-3+deb12u10_i386.deb
 f135aed627ffdb9d76caa3dcb370b7f8c16093463dc5264a2299d34b1554fd21 5304256 xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_i386.deb
 f4c6a89e6640865cc4523c1494e47c417d343ffa503b64211d3fe87bb363c352 1012588 xserver-xorg-core-udeb_21.1.7-3+deb12u10_i386.udeb
 3d3ed964ceee1ddd0349962fbbd7a320a803b7556339c9604425dadb8013cc22 3784908 xserver-xorg-core_21.1.7-3+deb12u10_i386.deb
 58a530a0603022cd3df84d2e139904acf6c7446d945f5b7709a135672b409fb2 2554672 xserver-xorg-dev_21.1.7-3+deb12u10_i386.deb
 953f2199989902431773771c08722a5c493628d8ffcefb24c593aefe73dd226b 8608 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_i386.deb
 a5c18044a1720e70eecb697830a22c14a15840b5da47cc3a38b8b9641a385dfa 2388708 xserver-xorg-legacy_21.1.7-3+deb12u10_i386.deb
 0783e2c9e93955c44186d48721ec783204e763af5ced8b96c174204e4829bcc7 2964504 xvfb-dbgsym_21.1.7-3+deb12u10_i386.deb
 9ea08dc9a56878feba88a9e99fe13a222bf407ec6b8bba82f7b40e5e1d167c1f 3204880 xvfb_21.1.7-3+deb12u10_i386.deb
Files:
 709209aaf60864040acbf2498f5ffc44 2436040 debug optional xnest-dbgsym_21.1.7-3+deb12u10_i386.deb
 c408fe328ddbc1e258eb69ec36b3548d 3060016 x11 optional xnest_21.1.7-3+deb12u10_i386.deb
 652bd1204d6e73d4a6dbac44f0ff40e5 14808 x11 optional xorg-server_21.1.7-3+deb12u10_i386-buildd.buildinfo
 e89651c3dfaead6dcd377a8523a077b8 3576124 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u10_i386.deb
 c58e27b3cf5dfe8e38b97de84643f4a6 3351564 x11 optional xserver-xephyr_21.1.7-3+deb12u10_i386.deb
 be1f5c422b651cd9f975fdb6da41f0ae 5304256 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u10_i386.deb
 b7628ddd62eee16dfb61c441351247b1 1012588 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u10_i386.udeb
 098c8661b05b615e024e7fa22e1126d3 3784908 x11 optional xserver-xorg-core_21.1.7-3+deb12u10_i386.deb
 384faacec74683215c1477836c5d05fd 2554672 x11 optional xserver-xorg-dev_21.1.7-3+deb12u10_i386.deb
 acc4862b5873747b573c2583d8d2b6cd 8608 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u10_i386.deb
 c450ad43ea2dc486471fcd278499e476 2388708 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u10_i386.deb
 3b5521f19c5a2ef50557d896c15e37c7 2964504 debug optional xvfb-dbgsym_21.1.7-3+deb12u10_i386.deb
 3187d86bdd012de1c069165043ec6a13 3204880 x11 optional xvfb_21.1.7-3+deb12u10_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmhVeOQACgkQvGw9w6Vr
LCfrgQ//fryiG2hDO9poMdcV/AG2m4DBuxD05buQLHLRxyJ7aBSYGq/ZJRZ4j0GO
fv30bKg0nk98bdimLrSGJQu5Omhzc64DXZT0LwSeicd113QSJodNJ9vnKYsxFL5e
dKDjxubNGX+rGwV3TlUbb9CGF7Cdne5t3cxRDBAWiE2BFcDA9EIxWZ6oWyrviaui
nBEG9IVQymZV+N07KPBAKVHrHLNpMJl5Lxh23kCWr4Z1gKL9oF12lvUfBoB/udy2
LVObmUVXWu0Wz+K713AE9iqW1W8nrEmi1+pN4lX78mHdvZVmT5m/eA7jVYcdTr0j
umpwPfdAHJLnQFg2O8lx0sXOeqC5TZNtoQJbPdrJM7f1ZoQu0DTb5OaX6yZcPHSl
OTqbOSt7e7l0dZ5/ym6J8OUt9IEp0s0aqpIfoCJmbCoRC8IgHNAe7ZywhaGd4QSo
u94O8/b7bbLertMLVfba97CaBvr2R+IeCVn385w/2/AKLUXNw5tZ7I/uuVJDFpGM
G5MKN94sHx1tMsY3v4KOyec07c0icdoInuIWtLopldar+qldSQOLuzm2hisJFsKa
HS0USUuO5x6vpAH0UBVl9o3wW9afi2J8buE5dR0X3k6m5jiQGi5uKGLYwpbG4nqq
CBwTKD5e82ZkR2dakYTMrSqgoBB2snIgfnNeu0xgZy6vOZhXC4k=
=UQuZ
-----END PGP SIGNATURE-----