-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2025 14:42:13 +0100
Source: xorg-server
Binary: xnest xnest-dbgsym xserver-xephyr xserver-xephyr-dbgsym xserver-xorg-core xserver-xorg-core-dbgsym xserver-xorg-core-udeb xserver-xorg-dev xserver-xorg-legacy xserver-xorg-legacy-dbgsym xvfb xvfb-dbgsym
Architecture: armhf
Version: 2:21.1.7-3+deb12u9
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xnest      - Nested X server
 xserver-xephyr - nested X server
 xserver-xorg-core - Xorg X server - core server
 xserver-xorg-core-udeb - Xorg X server - core server (udeb)
 xserver-xorg-dev - Xorg X server - development files
 xserver-xorg-legacy - setuid root Xorg server wrapper
 xvfb       - Virtual Framebuffer 'fake' X server
Changes:
 xorg-server (2:21.1.7-3+deb12u9) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Cursor: Refuse to free the root cursor (CVE-2025-26594)
   * dix: keep a ref to the rootCursor (CVE-2025-26594)
   * xkb: Fix buffer overflow in XkbVModMaskText() (CVE-2025-26595)
   * xkb: Fix computation of XkbSizeKeySyms (CVE-2025-26596)
   * xkb: Fix buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
   * Xi: Fix barrier device search (CVE-2025-26598)
   * composite: Handle failure to redirect in compRedirectWindow()
     (CVE-2025-26599)
   * composite: initialize border clip even when pixmap alloc fails
     (CVE-2025-26599)
   * dix: Dequeue pending events on frozen device on removal (CVE-2025-26600)
   * sync: Do not let sync objects uninitialized (CVE-2025-26601)
   * sync: Check values before applying changes (CVE-2025-26601)
   * sync: Do not fail SyncAddTriggerToSyncObject() (CVE-2025-26601)
   * sync: Apply changes last in SyncChangeAlarmAttributes() (CVE-2025-26601)
Checksums-Sha1:
 2aad2c2d00e1124fc596243b0c8d5277f89b2521 2640188 xnest-dbgsym_21.1.7-3+deb12u9_armhf.deb
 2ae52da0a4dec8022e91b7adabf4e123f61ffeb9 2905408 xnest_21.1.7-3+deb12u9_armhf.deb
 a73d690a9453c7a6623cc9f32b041ecd69b66c6e 14723 xorg-server_21.1.7-3+deb12u9_armhf-buildd.buildinfo
 8939537a5e2595e8849154881563d9f7bf8a5dce 3877716 xserver-xephyr-dbgsym_21.1.7-3+deb12u9_armhf.deb
 ae33e653caea3f4642f8110c8835f981e1173f8c 3126536 xserver-xephyr_21.1.7-3+deb12u9_armhf.deb
 a7c08d6687b0993963666f60e957a8fdc54e44c9 5665608 xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_armhf.deb
 7b8ff4a0303942863a018c91f4737d0b0afcbb43 808072 xserver-xorg-core-udeb_21.1.7-3+deb12u9_armhf.udeb
 044c8772540a309ba798e1ccf172d5130da19d10 3477460 xserver-xorg-core_21.1.7-3+deb12u9_armhf.deb
 9ec92e5ef59c965507493eef92602d3274999ae4 2554508 xserver-xorg-dev_21.1.7-3+deb12u9_armhf.deb
 33e43b9d0b239f4b41f94fec171155cd52c28f68 9576 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_armhf.deb
 40f11926128908f738ebb3d527f3a21ce8402e3d 2388300 xserver-xorg-legacy_21.1.7-3+deb12u9_armhf.deb
 af852ba472764f6a1a25bd754b108dd7f8b32722 3205860 xvfb-dbgsym_21.1.7-3+deb12u9_armhf.deb
 e50be11f789cb2107466daf951109dfcfe4b1651 3011432 xvfb_21.1.7-3+deb12u9_armhf.deb
Checksums-Sha256:
 b0e289d25ee338b8ce88aaef530f3bc85350ceb9a05569f2ad648d6cbaf4560f 2640188 xnest-dbgsym_21.1.7-3+deb12u9_armhf.deb
 d967c49af4a56ae58e220e1e0306afd5d9a37c481f776170923c6935bcc55b3d 2905408 xnest_21.1.7-3+deb12u9_armhf.deb
 f3907eb87e3c6fe13c9e507baeafa74f6f05a005be2bad8c8b58f99c71d1746c 14723 xorg-server_21.1.7-3+deb12u9_armhf-buildd.buildinfo
 fd5d2446c07e3c970ceb0070d6d931c3fe148ddb7ed35641d7680060557a322b 3877716 xserver-xephyr-dbgsym_21.1.7-3+deb12u9_armhf.deb
 2ebf502da51ab564996049aad50fc8505aefa3c96b3a8b20939a575afd0adf65 3126536 xserver-xephyr_21.1.7-3+deb12u9_armhf.deb
 ebfe02dc5fa0b3c32917d4c7b202d119df9a731e8dff269a6c583e30bc42c31f 5665608 xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_armhf.deb
 0d6fc34e2dbb33b6d60a159b8867617f04b8d2518ea41406a184ea885e426633 808072 xserver-xorg-core-udeb_21.1.7-3+deb12u9_armhf.udeb
 7679f2cac84540072945422e76721f685e7806fe9a0b389e702f37ebb0fce3ac 3477460 xserver-xorg-core_21.1.7-3+deb12u9_armhf.deb
 bfd3757feb905ced424888855af20eee8992698105700bbec19d8852f85c05d5 2554508 xserver-xorg-dev_21.1.7-3+deb12u9_armhf.deb
 161e84d836d94eb6fb0791e69daa9aee38801e496a30bc4d8e841af239815e1c 9576 xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_armhf.deb
 99635662da06864b246b1cd15d4810944044f8dc029176d9602bcf0846bbbbf0 2388300 xserver-xorg-legacy_21.1.7-3+deb12u9_armhf.deb
 a4934e88ecfda98e00e3b3633b441c5586c0b1ea50c2a6529f57d03d855e41b1 3205860 xvfb-dbgsym_21.1.7-3+deb12u9_armhf.deb
 40f933f49b9590027cc45d9f46eaa8ae104a52490500e22ed1f2065e99a31bb8 3011432 xvfb_21.1.7-3+deb12u9_armhf.deb
Files:
 ca1292302870e88081a61f3773606249 2640188 debug optional xnest-dbgsym_21.1.7-3+deb12u9_armhf.deb
 94afa6c0eee303aedac49441565d2318 2905408 x11 optional xnest_21.1.7-3+deb12u9_armhf.deb
 d49519b4709d459a492d74098351adee 14723 x11 optional xorg-server_21.1.7-3+deb12u9_armhf-buildd.buildinfo
 7d78403c052ee1b3558c700f225d25b7 3877716 debug optional xserver-xephyr-dbgsym_21.1.7-3+deb12u9_armhf.deb
 1519aa361a81c475a4f67d6f66985427 3126536 x11 optional xserver-xephyr_21.1.7-3+deb12u9_armhf.deb
 5b80faf7ce37670291e6b2d8ee06d89d 5665608 debug optional xserver-xorg-core-dbgsym_21.1.7-3+deb12u9_armhf.deb
 18d1cc21d3283ae081d7f575214a9287 808072 debian-installer optional xserver-xorg-core-udeb_21.1.7-3+deb12u9_armhf.udeb
 1d3304e52ee89ee418ec32943d031d07 3477460 x11 optional xserver-xorg-core_21.1.7-3+deb12u9_armhf.deb
 c974afec189fe8cb3158bc948280bd41 2554508 x11 optional xserver-xorg-dev_21.1.7-3+deb12u9_armhf.deb
 09d25e4b679c349f9ff547828f9d54cb 9576 debug optional xserver-xorg-legacy-dbgsym_21.1.7-3+deb12u9_armhf.deb
 242b7fd8965bf434de951fc717f89d16 2388300 x11 optional xserver-xorg-legacy_21.1.7-3+deb12u9_armhf.deb
 c96d9b10500ca035c2c6a82098209035 3205860 debug optional xvfb-dbgsym_21.1.7-3+deb12u9_armhf.deb
 19efe213a2a092f304e9a39a168721ca 3011432 x11 optional xvfb_21.1.7-3+deb12u9_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAme2Ma0ACgkQaRWK3AIe
28GxKw/+JVRpJWudMI7mzZ6BQAruPKktC56HH8rUhpFKFibZCHJO9C0rr42kPVQ4
8KSpi2gKklhaOoYQHIFm9j6uKWc+xLcER8bYEHF4sJAF8kiUUEXl9JQZJFfTbAZt
xB/FL8LoinG3cCZ0+6/loIKLF2onDtBIMlEAECC7MBoty3SphJ2bnJdWDyG49rhz
phEacJuF8M8EwCvOkFbABKYsOe1ADAV15hsiehRif9ZDD7qbLlb03Zzr6/5DsWP0
D9w3pjvSUL0lLpSVPiX4duS7vIJDAyh4CfBfF1FxAQlgJCKtWG4nQ3Z1KJPSBpwt
zVhW3jJ+vdCj0xZE/tqY9sJLTRcsrmL+y1KDE3tWz/ZQaLJ3nnywDYHjVESTG5mG
qzk5xSvCJ/1DjsjOXsaqiXnPvkNRWg5ClnyP6vb+v5vzIBs6jnwZ7PRLm0vNBl+n
ycT0dzr1bPe7ljC4AOer/7LHakI/7qi4Y9ivcekW7IQHdsls0kHdHCgS0gpmUl2+
bvlo6mV6Zhncf8H00Y4slHE5rHCWf6QzlTW4OWZVzWO/Yf6SsGUfiNfZsZqdoeRb
WYyLaUj92tMod0/Wuc7EH5i1j6icLyxhZ2Y2TFqKvBFBZoda0bk3D8WazyHVCkX1
OP3MTcxvrMDn/SydrgI1URoFUwNlDvz2yIgCbw8STFvxGGl0oxU=
=08kc
-----END PGP SIGNATURE-----