
[SECURITY] [DLA 2073-1] transfig security update




Package        : transfig
Version        : 1:3.2.5.e-4+deb8u2
CVE ID         : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555


Several issues have been found in transfig, an XFig figure file converter.

CVE-2018-16140

    Buffer underwrite vulnerability in get_line()
    allows an attacker to write prior to the beginning of the
    buffer via a crafted .fig file.

CVE-2019-14275

    Stack-based buffer overflow in the calc_arrow
    function in bound.c.

CVE-2019-19555

    Stack-based buffer overflow because of an
    incorrect sscanf.

For Debian 8 "Jessie", these problems have been fixed in version
1:3.2.5.e-4+deb8u2.

We recommend that you upgrade your transfig packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

