-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2025 14:42:13 +0100
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: amd64
Version: 2:21.1.7-3+deb12u9
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u9) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Cursor: Refuse to free the root cursor (CVE-2025-26594)
   * dix: keep a ref to the rootCursor (CVE-2025-26594)
   * xkb: Fix buffer overflow in XkbVModMaskText() (CVE-2025-26595)
   * xkb: Fix computation of XkbSizeKeySyms (CVE-2025-26596)
   * xkb: Fix buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
   * Xi: Fix barrier device search (CVE-2025-26598)
   * composite: Handle failure to redirect in compRedirectWindow()
     (CVE-2025-26599)
   * composite: initialize border clip even when pixmap alloc fails
     (CVE-2025-26599)
   * dix: Dequeue pending events on frozen device on removal (CVE-2025-26600)
   * sync: Do not let sync objects uninitialized (CVE-2025-26601)
   * sync: Check values before applying changes (CVE-2025-26601)
   * sync: Do not fail SyncAddTriggerToSyncObject() (CVE-2025-26601)
   * sync: Apply changes last in SyncChangeAlarmAttributes() (CVE-2025-26601)
Checksums-Sha1:
 f7408e05320908d8c9f06b47c1a7af5eaeec0515 2683580 xnest-dbgsym_21.1.7-3+deb12u9_amd64.deb
 0612c00351d2ecbe198f903a2d2ab3a973b9a949 3013984 xnest_21.1.7-3+deb12u9_amd64.deb
 5378b0f18cb7b194d6b1f8291eb73814994efe06 14710 xorg-server_21.1.7-3+deb12u9_amd64-buildd.buildinfo
 6f4fe352c1eb6cc041b09c86d22ebc5dff0c84a4 3959764 xserver-xephyr-dbgsym_21.1.7-3+deb12u9_amd64.deb
 5a0f438e2dadcd2ec1c207b137c3f7b31d53b17d 3294248 xserver-xephyr_21.1.7-3+deb12u9_amd64.deb
 b03583a4f1c17c9863a4fbd53c90783b7a17f70d 5803032 xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_amd64.deb
 7b9d699eecab880f5104bf0d4c76f4d12e345703 974716 xserver-xorg-core-udeb_21.1.7-3+deb12u9_amd64.udeb
 a3cf251a396d5b4fdeb4645005f69b935121083a 3720304 xserver-xorg-core_21.1.7-3+deb12u9_amd64.deb
 e9e61f768024faac6deeb50014596e4c9d1ead11 2554512 xserver-xorg-dev_21.1.7-3+deb12u9_amd64.deb
 2aacdc7f5f9a76258d751736cd15e4897969a693 8888 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_amd64.deb
 4315ab53f6fdcd1652b7c558f218c8528171a596 2388496 xserver-xorg-legacy_21.1.7-3+deb12u9_amd64.deb
 464cb1a749e39addb487c2aac79b8140d242fcc7 3269212 xvfb-dbgsym_21.1.7-3+deb12u9_amd64.deb
 f121189eef74abdf26bbabea607561ee90a759c1 3152196 xvfb_21.1.7-3+deb12u9_amd64.deb
Checksums-Sha256:
 012f93b1642c1388ea109adffa9c182c7f7a7e380beec3edf1300d573895a777 2683580 xnest-dbgsym_21.1.7-3+deb12u9_amd64.deb
 10813721c636c2bd2bc941f1fca19c3fe3159bf5273945c574962b32d3a4e184 3013984 xnest_21.1.7-3+deb12u9_amd64.deb
 b79680c3817e23d767a774f9f86a3ea36ae2280853f5fe7b6c952bc419bc10eb 14710 xorg-server_21.1.7-3+deb12u9_amd64-buildd.buildinfo
 34fb9a7e8fcb9b4d18c15a5578074ed2214d09c4f24aaab41b5a332a12eb87e7 3959764 xserver-xephyr-dbgsym_21.1.7-3+deb12u9_amd64.deb
 737fe8893c2c498bb58b15fb6107e8fbe794b7b25f83898436a92ccbf0d45db3 3294248 xserver-xephyr_21.1.7-3+deb12u9_amd64.deb
 f526907a9efc380db784f9df330fad357254bbcbb14af6fcc969cedc9ee0c2e1 5803032 xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_amd64.deb
 4f388615c10838dd11544660f733b8360ea45b51b9097a493cccf3abb14780ef 974716 xserver-xorg-core-udeb_21.1.7-3+deb12u9_amd64.udeb
 e9b2f080a751dc5f6fbe5dde11c2f7007bf88aa91bcbfb64ae18712d914c336f 3720304 xserver-xorg-core_21.1.7-3+deb12u9_amd64.deb
 eccf5f3ed14fd996eff1233dde5bf4e6d995b993614e3f9449648f64a61a0bea 2554512 xserver-xorg-dev_21.1.7-3+deb12u9_amd64.deb
 059ddc381c205ff5e0143cd0cfca87c0e160136921f2addf35ff3b5176a22562 8888 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_amd64.deb
 f73647943ccbea6a80375fac618303d5bc850f79c8af218acccee7888c037c80 2388496 xserver-xorg-legacy_21.1.7-3+deb12u9_amd64.deb
 a479fdb2fb5d08d87b0f576c709b8d839234d1184253e4aa6887ea78392ec9bd 3269212 xvfb-dbgsym_21.1.7-3+deb12u9_amd64.deb
 3659c3418cee58533ea4c05a70b3c58fa904188b09254031407ffbd791efb1e6 3152196 xvfb_21.1.7-3+deb12u9_amd64.deb
Files:
 461521457c309f573a1ed3aeb36667f9 2683580 debug optional xnest-dbgsym_21.1.7-3+deb12u9_amd64.deb
 1aed30f8163a788a5a3f761191c8360d 3013984 x11 optional xnest_21.1.7-3+deb12u9_amd64.deb
 095f3aa23de68e3887dedd7aa14134a8 14710 x11 optional xorg-server_21.1.7-3+deb12u9_amd64-buildd.buildinfo
 99e64c2672f890b875c56b88e1511815 3959764 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u9_amd64.deb
 2d184a8c3979dc46132ee432132380f1 3294248 x11 optional xserver-xephyr_21.1.7-3+deb12u9_amd64.deb
 211a880f3e2050ab7be0adfcb0b7d534 5803032 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_amd64.deb
 72a3d5fb5d81ead0b7977a4658271b11 974716 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u9_amd64.udeb
 6481faf4daa63015b003ed085ccd6da1 3720304 x11 optional xserver-xorg-core_21.1.7-3+deb12u9_amd64.deb
 c11a991367235dc3a20cc923478debae 2554512 x11 optional xserver-xorg-dev_21.1.7-3+deb12u9_amd64.deb
 873459124ea07e5028594959df721749 8888 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_amd64.deb
 71649cb9aaa1b05d5d3c75ae0addee44 2388496 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u9_amd64.deb
 8440c971ba49e698a5a005011cf05caa 3269212 debug optional xvfb-dbgsym_21.1.7-3+deb12u9_amd64.deb
 2866fa16bfbef9b227f4b7ca94ec3a63 3152196 x11 optional xvfb_21.1.7-3+deb12u9_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEvy6d65NNYPbL6IQIEQ1nooK/IAQFAme2LzoACgkQEQ1nooK/
IATbHA/7BdoqSj3OSIRKLDuPhJ913JwEuGRe1q30OLC1dcel6L5aLMGxbibZhEbP
Ok9piC4MJ+KsXIc3x4bCN/EcfVepFzUXBtd54sdUefqz47slqSmgBwqrk8PLMjnU
os9EUtN9z55AUkFABbKjCL0ToUby4MN/pYuyE8KY1NueZvrkms/V0XuYgUp63gYT
WEkgPjM0xPYUi68oh2U7L/1FVOTmg8hryKTp9qKcHPVsFu5lci5mCiN7+EAGvbHL
ZylN57dyr626r+sFdnX/6uQcnhTy+Dv0Fg5TMtOxvG5a1A+LBegFE6kWYSVvSwzb
WrliNYx5Fv6UL+fQA2qCsMHqTNBbbEz3z8EymVgIQNd3sFiLVa8lTrCTjNRyK75Y
AmSzexiKdVKu+jND3+tti4V+Lft/EqLgLUAy/n+iCP3e4R5qHLJw+p3myiq6Wh17
KSDkUMVo5mN+7jBympYkol1UVMQxMbNKN4KzaqUK4oEjVwUGFFe9Ziu/DQFZLqHL
TmE1idaclfnbyPzppnhZtQnfAskfT2GebXO8VrY+Fe3cDyvrZ8g8Q/Ern0116bXN
uqNISRpnAtpSep1c7zIDvIhJBuvywP3uB1SOCbWF9G6XDYfgUvXe+iEx/UbU1DNB
V+4/7o3Vk6Yg9/jbz2r8MpdYP28vvTgo3wNIjM1AWScdiFZdPm8=
=mnvF
-----END PGP SIGNATURE-----