Subject: CVS commit: pkgsrc/x11/libXpm
From: Thomas Klausner
Date: 2023-10-03 22:28:15
Message id: 20231003202815.430ABFBDB@cvs.NetBSD.org

Log Message:
libXpm: update to 3.5.17.

This release contains fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2023-October/003424.html

Alan Coopersmith (10):
      Set close-on-exec when opening files
      test: use g_pattern_spec_match_string if available
      Explicitly mark non-static symbols as export or hidden
      Fix CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer
      test: Add test case for CVE-2023-43789 (corrupt colormap info)
      Fix CVE-2023-43789: Out of bounds read on XPM with corrupted colormap
      test: Add test case for CVE-2023-43786 (stack exhaustion in PutImage)
      Avoid CVE-2023-43786: stack exhaustion in XPutImage()
      test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage)
      libXpm 3.5.17

Yair Mizrahi (1):
      Avoid CVE-2023-43787 (integer overflow in XCreateImage)

Files:
RevisionActionfile
1.32modifypkgsrc/x11/libXpm/Makefile
1.15modifypkgsrc/x11/libXpm/distinfo