Debian 9858 Published by

20 security updates has been released for Debian GNU/Linux



[SECURITY] [DSA 2692-1] libxxf86vm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2692-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxxf86vm
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2001

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem will be fixed
soon as version 1:1.1.0-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.1.2-1+deb7u1.

We recommend that you upgrade your libxxf86vm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOvAACgkQXm3vHE4uylr6EgCffVfHl2qmCgS8tN5JmlF54cnE
9xgAoO0I9C9vPBeJ6vSl4qr/zQu9lGYg
=N55T
-----END PGP SIGNATURE-----
[SECURITY] [DSA 2691-1] libxinerama security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2691-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxinerama
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1985

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.1-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.2-1+deb7u1.

We recommend that you upgrade your libxinerama packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOpQACgkQXm3vHE4uylrHtQCeNA0Icopuu81Z0jp7MsGGjBY3
YWEAniQIJ+AOY+qt7d8UHcXA55WUpQ0C
=ApP3
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2690-1] libxxf86dga security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2690-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxxf86dga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1991 CVE-2013-2000

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2:1.1.1-2+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.1.3-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.1.3-2+deb7u1.

We recommend that you upgrade your libxxf86dga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOl8ACgkQXm3vHE4uylpDKACdHWUKZzMN3YOgJDpYenbeLOyd
UVsAn3mwxkngZVFHuMoEFoifrTn87IHU
=exJE
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2673-1] libdmx security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2673-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libdmx
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1992

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.1.0-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.2-1+deb7u1.

We recommend that you upgrade your libdmx packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeM1UACgkQXm3vHE4uylpQPgCeO0wyNY7OIfaZAftZgG9SVMFX
0oIAnRjZAaERaUGkQ4GYeR4TI665E0Yp
=WBmW
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2674-1] libxv security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2674-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxv
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1989 CVE-2013-2066

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2:1.0.5-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

We recommend that you upgrade your libxv packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeM8oACgkQXm3vHE4uylo6EQCfdm8PIgsn9oCKoeT5BQZCxDHW
tnEAoKrkpGMgI3p2cciWIj3E5V9XQf5j
=9LEf
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2675-1] libxvmc security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2675-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxvmc
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1990 CVE-2013-1999

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2:1.0.5-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.0.7-1+deb7u1.

We recommend that you upgrade your libxvmc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNB0ACgkQXm3vHE4uylpi6gCgxvPOGpUp2C1WzBaTKmYo2llz
MLoAoKdsBUkUM1qMKN9lyMqFo/L/ZjRo
=C2hN
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2676-1] libxfixes security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2676-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxfixes
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1983

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.0.5-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:5.0-4+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:5.0-4+deb7u1.

We recommend that you upgrade your libxfixes packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNGgACgkQXm3vHE4uylorbACfbKyJ+5tuvzMDW5LOK7C/0Lis
V2gAoLMvptDOSkBeG8UalxWLhzVZAMnq
=xHEW
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2689-1] libxtst security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2689-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxtst
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2063

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.1.0-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.2.1-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.2.1-1+deb7u1.

We recommend that you upgrade your libxtst packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeON8ACgkQXm3vHE4uylp8tQCgz9rbJY7bp51pFHYM0xr0f7/f
bMUAoMCn8dSk/F7IQ+3dbVMxVFBkIwEw
=ee0F
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2688-1] libxres security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2688-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxres
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1988

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.0.4-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.0.6-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.0.6-1+deb7u1.

We recommend that you upgrade your libxres packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOI4ACgkQXm3vHE4uylrwnACfaX+RwOPjFkir3+zBx3EePjiE
6TUAnjP/4FDp6iM2VX38Yed19xBFA4GV
=RayP
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2687-1] libfs security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2687-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libfs
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1996

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.0.2-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.0.4-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.0.4-1+deb7u1.

We recommend that you upgrade your libfs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeOBwACgkQXm3vHE4uylo0wwCeKo/LPrrrtxViPOdaHlylBl6W
5PwAnjikx0jhWFqwf/h8sFkhbS14ewyx
=UdYB
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2686-1] libxcb security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2686-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxcb
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2064

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.6-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.8.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.1-2+deb7u1.

We recommend that you upgrade your libxcb packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeN9EACgkQXm3vHE4uylr53gCeMXQ0/KXlRqLQ5Xw4bvtkHa8d
ce4AnjyUYH34VDTIq56rV5CVhOkLU+U8
=ucCl
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2685-1] libxp security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2685-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxp
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2062

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.0.0.xsf1-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.0.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.0.1-2+deb7u1.

We recommend that you upgrade your libxp packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeN4AACgkQXm3vHE4uylp7JQCguqKXqXG9GqBhrNDb2B7SIKUe
czoAoNnzD4qyJRi9CbqIPR/j2pjDyDRn
=umC9
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2684-1] libxrandr security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2684-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxrandr
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1986

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.3.0-3+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.3.2-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.3.2-2+deb7u1.

We recommend that you upgrade your libxrandr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNzMACgkQXm3vHE4uylrhFQCfYHBP99XPbhQcKTzjTfrgvphm
0RcAni6xpidICEgPNAtfxx5SMapo5Kex
=QCny
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2683-1] libxi security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2683-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxi
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1984 CVE-2013-1995 CVE-2013-1998

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2:1.3-8.

For the stable distribution (wheezy), these problems have been fixed in
version 2:1.6.1-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:1.6.1-1+deb7u1.

We recommend that you upgrade your libxi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNuQACgkQXm3vHE4uylqwkgCg2wpO4xxuZcNIdmhzU77/BkYp
fqgAniSSgyOipXL842s19bceNfBljw/y
=eaz9
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2682-1] libxext security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2682-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxext
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1982

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2:1.1.2-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 2:1.3.1-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2:1.3.1-2+deb7u1.

We recommend that you upgrade your libxext packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNmgACgkQXm3vHE4uylpVYACfRb+H3PUEGtobBFX3RbsybBZX
V6oAn1qWPcdPuXIv/FsB5vTn2PzSBl10
=F/p+
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2681-1] libxcursor security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2681-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxcursor
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2003

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.1.10-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.1.13-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.1.13-1+deb7u1.

We recommend that you upgrade your libxcursor packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNiEACgkQXm3vHE4uylqueQCgxNhVeiuAWxZiltTa9qednH80
AxMAoKlzGd4n3R/FqGxQAlxYYyAs89g5
=UP6u
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2680-1] libxt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2680-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxt
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2002 CVE-2013-2005

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1:1.0.7-1+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in
version 1:1.1.3-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.1.3-1+deb7u1.

We recommend that you upgrade your libxt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNcMACgkQXm3vHE4uylqcaQCfV0+rOuDMcV8+rEdK97xsS6Gt
JKIAniCBFZA1mxf9P3vInyIRW3CyDyZZ
=M7zp
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2679-1] xserver-xorg-video-openchrome security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2679-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xserver-xorg-video-openchrome
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1994

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.2.904+svn842-2+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 0.2.906-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.906-2+deb7u1.

We recommend that you upgrade your xserver-xorg-video-openchrome packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNWgACgkQXm3vHE4uylrTpgCgiBj+1I/dfil1g/twTYSiZHJL
KPwAoIM3x/WBiv691U1KrJCPCkLIozOx
=MrEv
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2678-1] mesa security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2678-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : mesa
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1993

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 7.7.1-6.

For the stable distribution (wheezy), this problem has been fixed in
version 8.0.5-4+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 8.0.5-6.

We recommend that you upgrade your mesa packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNRMACgkQXm3vHE4uylok7wCgoYincClsSUlWB9CfAnyqUs8M
GukAoM9LF+Ip0kMPRlU9dBz9xNL82g8I
=h7YT
-----END PGP SIGNATURE-----

[SECURITY] [DSA 2677-1] libxrender security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2677-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxrender
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-1987

Ilja van Sprundel of IOActive discovered several security issues in
multiple components of the X.org graphics stack and the related
libraries: Various integer overflows, sign handling errors in integer
conversions, buffer overflows, memory corruption and missing input
sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:0.9.6-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1:0.9.7-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:0.9.7-1+deb7u1.

We recommend that you upgrade your libxrender packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGeNLUACgkQXm3vHE4uyloWLwCdExGEri73mKXnX/jd3atI54Gd
fHUAn2jTyN+sW+JIQu7Yrun4m9WUxCQ3
=IgPf
-----END PGP SIGNATURE-----