[ubuntu/focal-security] fig2dev 1:3.2.7a-7ubuntu0.1 (Accepted)
Amir Naseredini
amir.naseredini at canonical.com
Mon Feb 13 13:50:24 UTC 2023
fig2dev (1:3.2.7a-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2019-19555[-test].patch: fixed a buffer overflow in
      read_textobject function and added tests to see if it's fixed.
    - debian/patches/CVE-2020-21534.patch: fixed an out-of-bounds write
      in read_colordef function (CVE-2019-19797), a segmentation fault
      in read_objects function (CVE-2020-21530), a buffer overflow in
      read_textobject function (CVE-2020-21533), a buffer overflow in
      get_line function (CVE-2020-21534), a segmentation fault in
      gencgm_start function (CVE-2020-21535), and a buffer overflow in
      genptk_text function (CVE-2020-21675).
    - debian/patches/CVE-2020-21529[1-2].patch: fixed a buffer overflow in
      bezier_spline function.
    - debian/patches/CVE-2020-21531.patch: fixed a buffer overflow in
      conv_pattern_index function.
    - debian/patches/CVE-2020-21532.patch: fixed a buffer overflow in
      setfigfont function.
    - debian/patches/CVE-2020-21676.patch: fixed a buffer overflow in
      genpstrx_text function.
    - debian/patches/CVE-2021-3561.patch: fixed a flawed bounds check in
      read_objects function.
    - debian/patches/CVE-2021-32280.patch: fixed a NULL pointer dereference
      in compute_closed_spline function.
    - CVE-2019-19555
    - CVE-2019-19797
    - CVE-2020-21530
    - CVE-2020-21533
    - CVE-2020-21534
    - CVE-2020-21535
    - CVE-2020-21675
    - CVE-2020-21529
    - CVE-2020-21531
    - CVE-2020-21532
    - CVE-2020-21676
    - CVE-2021-3561
    - CVE-2021-32280
Date: 2023-02-13 10:58:13.439530+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
https://launchpad.net/ubuntu/+source/fig2dev/1:3.2.7a-7ubuntu0.1