[ubuntu/focal-security] gerbv 2.7.0-1ubuntu0.1 (Accepted)

George-Andrei Iosif andrei.iosif at canonical.com
Thu Jul 6 17:06:18 UTC 2023

gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write when processing T code
    - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
      invalid tool number in src/drill.c.
    - CVE-2021-40391
  * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
    - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
      used when pushing and popping from memory in src/gerber.c.
    - CVE-2021-40393
  * SECURITY UPDATE: integer overflow when processing RS-274X files
    - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
      can produce an integer overflow in src/gerber.c.
    - CVE-2021-40394
  * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
    - debian/patches/CVE-2021-40400.patch: Limits the read location to the
      intentionally readable memory in src/gerber.c.
    - CVE-2021-40400
  * SECURITY UPDATE: use after free when processing RS-274X definitions
    - debian/patches/CVE-2021-40401.patch: Checks a function parsing
      strings to not return NULL in src/gerber.c.
    - CVE-2021-40401
  * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
    - debian/patches/CVE-2021-40403.patch: Checks the return code of a
      sscanf call in src/pick-and-place.c.
    - CVE-2021-40403

Date: 2023-07-06 14:08:08.629328+00:00
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list