-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 20 Jun 2025 14:46:37 +0200 Source: xorg-server Architecture: source Version: 2:21.1.7-3+deb12u10 Distribution: bookworm-security Urgency: high Maintainer: Debian X Strike Force Changed-By: Salvatore Bonaccorso Changes: xorg-server (2:21.1.7-3+deb12u10) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * render: Avoid 0 or less animated cursors (CVE-2025-49175) * os: Do not overflow the integer size with BigRequest (CVE-2025-49176) * xfixes: Check request length for SetClientDisconnectMode (CVE-2025-49177) * os: Account for bytes to ignore when sharing input buffer (CVE-2025-49178) * record: Check for overflow in RecordSanityCheckRegisterClients() (CVE-2025-49179) * randr: Check for overflow in RRChangeProviderProperty() (CVE-2025-49180) * xfree86: Check for RandR provider functions (CVE-2025-49180) * os: Check for integer overflow on BigRequest length (CVE-2025-49176) Checksums-Sha1: 49927eeb33da9afc4adbb68911c040e8bd0bae6d 4139 xorg-server_21.1.7-3+deb12u10.dsc 8b1fedbdb6742e6c7785a0916224b088b56262a1 200775 xorg-server_21.1.7-3+deb12u10.diff.gz 575d76a5f4b7cd2efc11ea9cd9d66e4ef929669b 6808 xorg-server_21.1.7-3+deb12u10_source.buildinfo Checksums-Sha256: 09526ee3ab6304a2d926d21892341551c8edda22ad43d9b3f18ebfecb899e999 4139 xorg-server_21.1.7-3+deb12u10.dsc 867311b2583e2d727535cbf3db672444ef7da0c8a7ebdc399d4e2196d5e9df29 200775 xorg-server_21.1.7-3+deb12u10.diff.gz eed3a4d327222c16ede58f0faf4ede877c8671d29ba0f07d51b475990715665c 6808 xorg-server_21.1.7-3+deb12u10_source.buildinfo Files: f2058ee79192becb221920c187e81841 4139 x11 optional xorg-server_21.1.7-3+deb12u10.dsc ec87858d6b6bbe0ecb8a4c3e11937b62 200775 x11 optional xorg-server_21.1.7-3+deb12u10.diff.gz f499e9b9de8d5b148fbf568ac802f881 6808 x11 optional xorg-server_21.1.7-3+deb12u10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmhVWNZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELFMQAI+MC+j2tEhED+G/bxyOnRN5s+NXAy1Y rZlIXGWA1gJhDLiMllCTV4Lqi+6SQjlfk2cyWwDcLVjNS44buNYx3lIt0obNcaCU 3Y33T1/TiYLEC6uAbusMUW5rzPod+scBxE/EuzMifp5tlov72YZhAfzIl9qsQqtq BH+2rhX/5RjehcKuKnQrdZLdT0Jj7lqf/p7H+gfKb/6UBpXwXCvhgQuhZkhF50bD 3OfMXNxGM/rBQZfuocec/HGYI6R77F2MyQbEiL3iMTZ/9TZEn+Uc5fREsLHt9kNz X0sn2UsaAMtZ456/YuDpF6u68/PF3G1obDvsEumonQm01MNip5s5Of1Wa1/VzuLQ Tckc/uNCKeWqm4YH1z5dyhYynOnT/seQ1N25V64Lwnlx3DC4Jl441l1KN+CvITky TDrVFNKDJl+5RFxPkGTbPK/Qa365psnqljj0ZYNi8BC4ZdTEWB07PpX2H6PG87RI wcpsUJHkhbOiuHpUg1kmmv97b9G0RzBslZxol42SHRDmYc9HAqdhAVl7e9oncnsm UpUs/C12eOHuykWTkYvvaM4Sau2xzDDZ4xK+eEiqcYfiPF29Kd7zNH7wB4mC+QWN wK8O1PfUlNqSIjdprurFWZoHfiBhbyE1Pnz0WCZzzhYR4S81a2t9h2M1YEzc64oc c3GQpJLzjNWN =KM2h -----END PGP SIGNATURE-----