[ubuntu/plucky-security] gnuplot 6.0.2+dfsg1-1ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Thu Sep 25 00:05:37 UTC 2025
gnuplot (6.0.2+dfsg1-1ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2025-3359.patch: Refactor font name parsing to
prevent off by one error
- debian/patches/CVE-2025-31176.patch: Add extra guard to prevent
invalid read from plot->labels
- debian/patches/CVE-2025-31178.patch: Use snprintf to protect
against garbage user-supplied mouse format
- debian/patches/CVE-2025-31179.patch: Add guard against trying to
format a huge number as a time
- debian/patches/CVE-2025-31180.patch: Handle nonlinear x2 or y2 axis
with an incomplete definition
- debian/patches/CVE-2025-31181.patch: Protect against double fclose()
if two errors occur in a row
- CVE-2025-3359
- CVE-2025-31176
- CVE-2025-31178
- CVE-2025-31179
- CVE-2025-31180
- CVE-2025-31181
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2025-31177.patch: Add extra guard against y
bound of dumb terminal charcell array
- CVE-2025-31177
Date: 2025-09-03 04:57:24.635585+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/gnuplot/6.0.2+dfsg1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list