Subject: Xpm library security fix

Chris Evans reported several flaws (stack and integer overflows) in the Xpm library code that parses image files (CAN-2004-0687, CAN-2004-0688). Some of these would be exploitable when parsing malicious image files in an application that handles XPM images, if they could escape ProPolice.

The fixes have been committed to OpenBSD -current as well as the 3.4 and 3.5 -stable branches.

Patches against OpenBSD 3.4 and 3.5 are also available:

ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/030_xpm.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/019_xpm.patch