[ubuntu/focal-security] gerbv 2.7.0-1ubuntu0.1 (Accepted)
George-Andrei Iosif
andrei.iosif at canonical.com
Thu Jul 6 17:06:18 UTC 2023
gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write when processing T code
    - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
      invalid tool number in src/drill.c.
    - CVE-2021-40391
  * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
    - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
      used when pushing and popping from memory in src/gerber.c.
    - CVE-2021-40393
  * SECURITY UPDATE: integer overflow when processing RS-274X files
    - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
      can produce an integer overflow in src/gerber.c.
    - CVE-2021-40394
  * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
    - debian/patches/CVE-2021-40400.patch: Limits the read location to the
      intentionally readable memory in src/gerber.c.
    - CVE-2021-40400
  * SECURITY UPDATE: use after free when processing RS-274X definitions
    - debian/patches/CVE-2021-40401.patch: Checks a function parsing
      strings to not return NULL in src/gerber.c.
    - CVE-2021-40401
  * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
    - debian/patches/CVE-2021-40403.patch: Checks the return code of a
      sscanf call in src/pick-and-place.c.
    - CVE-2021-40403

Date: 2023-07-06 14:08:08.629328+00:00
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
https://launchpad.net/ubuntu/+source/gerbv/2.7.0-1ubuntu0.1