The following URL contains source and binary packages for powerpc resolving CAN-2005-0605[1], which is described as:

  The XPM library's scan.c file may allow attackers to execute arbitrary code by crafting a malicious XPM image file containing a negative bitmap_unit value that provokes a buffer overflow.

http://redwald.deadbeast.net/tmp/CAN-2005-0605/

I'm attaching a GPG-signed file, MD5SUMS.txt, that you can use to verify the download.

This package makes two changes:

1) It applies the purported fix for CAN-2005-0605. I know of no exploit for this vulnerability, so I was unable to test this.

2) It fixes the regression in XPM file-writing introduced by the fix for CAN-2004-0914 (in -16woody5). I confirmed that saving XPM files in a woody environment with -16woody5 with the GIMP didn't work, and that upgrading to -16woody6 restored the functionality.

Please also find at the above URL:

* my package build log, xfree86_4.1.0-16woody6_powerpc.build; I built in a clean, up-to-date woody chroot
* xfree86_4.1.0-16woody6_qa_install_purge.typescript, a transcript of installing and purging these packages in a woody chroot
* xfree86_4.1.0-16woody6_qa_upgrade_downgrade.typescript, a transcript of upgrading these packages from -16woody5 and downgrading them back to -16woody5 in a woody chroot
* test-x11-packages, the shell script I used to automate the above QA tests

Please let me know if you require anything else regarding this vulnerability.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

-- 
G. Branden Robinson                |    Somewhere, there is a .sig so funny
Debian GNU/Linux                   |    that reading it will cause an
[EMAIL PROTECTED]                  |    aneurysm. This is not that .sig.
http://people.debian.org/~branden/ |
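
One way to carry out the verification the message describes, as an added example that is not part of the original message or of the Debian tooling: check the files only against the text GnuPG reports as signed, never against the raw MD5SUMS.txt. The function names and the FAILED variable are hypothetical; it assumes GnuPG and md5sum are installed and the signer's key is already imported.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify a clearsigned checksum
# list, then check the downloads against the *verified* payload only. Lines
# placed outside the signed region of the raw file never reach check_sums.

# extract_signed LIST OUT: write the signed payload of LIST to OUT.
# gpg exits non-zero if the signature is bad or the key is unknown.
# Assumption: the keyring holds only keys you trust for this purpose.
extract_signed() {
    gpg --batch --yes --output "$2" --decrypt "$1"
}

# check_sums SUMS DIR: compare every "<md5>  <name>" entry with DIR/<name>.
# Prints one status line per entry, sets FAILED to the number of problems,
# and returns 0 only when FAILED is 0.
check_sums() {
    sums=$1; dir=$2; FAILED=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue
        name=${name#\*}                      # md5sum binary-mode marker
        case $name in
            */*) echo "REJECT $name"; FAILED=$((FAILED + 1)); continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; FAILED=$((FAILED + 1)); continue
        fi
        have=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; FAILED=$((FAILED + 1))
        fi
    done < "$sums"
    [ "$FAILED" -eq 0 ]
}

# verify_download LIST DIR: signature first, checksums second.
# Returns 0 = all good, 1 = checksum problems, 2 = signature not verified.
verify_download() {
    tmp=$(mktemp) || return 2
    rc=0
    if extract_signed "$1" "$tmp"; then
        check_sums "$tmp" "$2" || rc=1
    else
        echo "BAD SIGNATURE on $1"; rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Typical use is `verify_download MD5SUMS.txt .` in the download directory. MD5 is used here only because that is the digest the attached list carries.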