[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3304-1] fig2dev security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3304-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/        Adrian Bunk <bunk@debian.org>
January 31, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : fig2dev
Version        : 1:3.2.7a-5+deb10u5
CVE ID         : CVE-2020-21529 CVE-2020-21531 CVE-2020-21532 CVE-2020-21676 
                 CVE-2021-32280
Debian Bug     : 960736

Brief introduction 

CVE-2020-21529

    Stack buffer overflow in bezier_spline().

CVE-2020-21531

    Global buffer overflow in conv_pattern_index().

CVE-2020-21532

    Global buffer overflow in setfigfont().

CVE-2020-21676

    Stack-based buffer overflow in genpstrx_text().

CVE-2021-32280

    NULL pointer dereference in compute_closed_spline().

For Debian 10 buster, these problems have been fixed in version
1:3.2.7a-5+deb10u5.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fig2dev

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmPZfasACgkQiNJCh6LY
mLEk/Q//T02qlyAq+Twq3plI4lm1DvzTm7L6pj/ZxSgs1uKPdG29S/HRktCeyDCP
ZkSPMeWqiV9XSPP2YcFpegX1V4GbFoX4N42OiuLzHE/ErMzeCBEhq7aySx5bx8Qn
58kFoDJh+JU1F1VGzqzMN/oGVJREEt5CTzminjWFKixr1ajF+XIFtuQW7Z2gSs0F
NOjEVTHM7xKQMa17LKHMB3migMXd1zHlsb87uBc73TJfQNQSYvUuyUzWHFtPcPGO
DDiy4oFe3hnQvap6+WE9+F2Ly+Cuvk3SMcc1SsnLFOGpDvYd/2L2GrD8Z8BJPmDm
sAyMuXW3sgj7ApI4Ay+6z9T+m1JYhOyeEuQ4wXRaijLS/hPzRoRS8hRx5aKX2KVp
HDRx/1oGgC+O4YlDRzQJ1kg81Fm3p8B/WefW/s1b+kfo0g4R9Winhcq+h4jtTUwQ
NQNSG9JbbZt/vxZlba7McX4qiobtvD14E1JooQc3HNMIcWOPZ/cNnmqAuiDb0W/K
9cdj0FxDEQcZvyEk08Atk0xMuJ+cxD/9NSgDsCKya+yXTcyuzmZ4N9i1uBkAzw42
uXhrJWGHTOOhY5nLfNynkO/sbK+LDM77DCrxY10TgqevkXLTINkjmx3Fuot6iGMi
ys6my+7YaQ1itnZlVJBd8i3Sj2HX0CI8Hirp3WT864kVMSBFT+E=
=xKq8
-----END PGP SIGNATURE-----


Reply to: