-
fig2dev (1:3.2.7b-3) unstable; urgency=medium

  [ Debian Janitor ]
  * Add missing colon in closes line.
  * Set upstream metadata fields: Archive, Bug-Submit (from
    ./configure).

  [ Roland Rosenfeld ]
  * Update upstream metadata and add several fields.
  * 31_CVE-2019-19746: Reject huge arrow types causing integer overflow.
    This fixes CVE-2019-19746 (Closes: #946628).
  * 30_CVE-2019-19555: Add test to the patch.
  * 32_fgets2getline: Replace most calls to fgets() by getline() in
    read.c. This fixes CVE-2019-19797 (Closes: #946866).

 -- Roland Rosenfeld <email address hidden> Mon, 06 Jan 2020 22:13:27 +0100
-
fig2dev (1:3.2.7b-2) unstable; urgency=medium

  * 30_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
    This fixes CVE-2019-19555. Closes (#946176).

 -- Roland Rosenfeld <email address hidden> Wed, 04 Dec 2019 22:04:13 +0100
-
fig2dev (1:3.2.7b-1) unstable; urgency=medium

  * New upstream version 3.2.7b.
  * Update all patches to new version.
  * 30_man_typo, 31_maxcomments, 32_freelinestorage, 33_hardeninput,
    34_one_point_spline, 35_neg_colornum, 36_free_realname,
    38_omit_showpage, 39_tikz-notex, and 40_circle_arrowhead are now
    incorporated upstream.
  * Do not clip objects with line-thickness 0 having arrows (Closes: #933604).
  * Define version test as superficial.
  * Upgrade to Standards-Version 4.4.1 (no changes).

 -- Roland Rosenfeld <email address hidden> Fri, 08 Nov 2019 16:19:03 +0100
-
fig2dev (1:3.2.7a-7ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2019-19555[-test].patch: fixed a buffer overflow in
      read_textobject function and added tests to see if it's fixed.
    - debian/patches/CVE-2020-21534.patch: fixed an out-of-bounds write
      in read_colordef function (CVE-2019-19797), a segmentation fault
      in read_objects function (CVE-2020-21530), a buffer overflow in
      read_textobject function (CVE-2020-21533), a buffer overflow in
      get_line function (CVE-2020-21534), a segmentation fault in
      gencgm_start function (CVE-2020-21535), and a buffer overflow in
      genptk_text function (CVE-2020-21675).
    - debian/patches/CVE-2020-21529[1-2].patch: fixed a buffer overflow in
      bezier_spline function.
    - debian/patches/CVE-2020-21531.patch: fixed a buffer overflow in
      conv_pattern_index function.
    - debian/patches/CVE-2020-21532.patch: fixed a buffer overflow in
      setfigfont function.
    - debian/patches/CVE-2020-21676.patch: fixed a buffer overflow in
      genpstrx_text function.
    - debian/patches/CVE-2021-3561.patch: fixed a flawed bounds check in
      read_objects function.
    - debian/patches/CVE-2021-32280.patch: fixed a NULL pointer dereference
      in compute_closed_spline function.
    - CVE-2019-19555
    - CVE-2019-19797
    - CVE-2020-21530
    - CVE-2020-21533
    - CVE-2020-21534
    - CVE-2020-21535
    - CVE-2020-21675
    - CVE-2020-21529
    - CVE-2020-21531
    - CVE-2020-21532
    - CVE-2020-21676
    - CVE-2021-3561
    - CVE-2021-32280

 -- Amir Naseredini <email address hidden> Mon, 13 Feb 2023 09:53:05 +0000
-
fig2dev (1:3.2.7a-7) unstable; urgency=medium

  * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
    with a magnification larger than 42. This fixes CVE-2019-14275.
    (Closes: #933075).

 -- Roland Rosenfeld <email address hidden> Sat, 27 Jul 2019 09:42:52 +0200