diff options
| author | Anton Gladky <gladk@debian.org> | 2023-03-05 17:02:01 +0100 |
|---|---|---|
| committer | Anton Gladky <gladk@debian.org> | 2023-03-05 17:02:01 +0100 |
| commit | da223faadfaa5bf8b212107dd2e9d82ec15bfe37 (patch) | |
| tree | f96a6dda475c4b861108cbb1d9226d555db9ffbb | |
| parent | 22aeaac23cff74795c058e327682790c7dfbbda3 (diff) | |
DLA-3353
| -rw-r--r-- | english/lts/security/2023/dla-3353.data | 10 | ||||
| -rw-r--r-- | english/lts/security/2023/dla-3353.wml | 34 |
2 files changed, 44 insertions, 0 deletions
diff --git a/english/lts/security/2023/dla-3353.data b/english/lts/security/2023/dla-3353.data new file mode 100644 index 00000000000..353e292a454 --- /dev/null +++ b/english/lts/security/2023/dla-3353.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-3353-1 xfig</define-tag> +<define-tag report_date>2023-03-05</define-tag> +<define-tag secrefs>CVE-2021-40241 Bug#992395</define-tag> +<define-tag packages>xfig</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2023/dla-3353.wml b/english/lts/security/2023/dla-3353.wml new file mode 100644 index 00000000000..3cb05be0683 --- /dev/null +++ b/english/lts/security/2023/dla-3353.wml @@ -0,0 +1,34 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> +<p>A security issue has been discovered in xfig, a diagramming tool for the +interactive generation of figures under X11.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2021-40241">CVE-2021-40241</a>: + + <p>A potential buffer overflow exists in the file src/w_help.c at line 55. + Specifically, the length of the string returned by getenv("LANG") may become + very long and cause a buffer overflow while executing the sprintf() function. + This vulnerability could potentially allow an attacker to execute arbitrary + code or cause a denial-of-service condition.</p></li> + +</ul> + +<p>For Debian 10 buster, this problem has been fixed in version +1:3.2.7a-3+deb10u1.</p> + +<p>We recommend that you upgrade your xfig packages.</p> + +<p>For the detailed security status of xfig please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/xfig">https://security-tracker.debian.org/tracker/xfig</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2023/dla-3353.data" +# $Id: $ |