CVE-2021-40241: xfig 3.2.7 is vulnerable to Buffer Overflow. The buffer overflow is only exploitable via an environment variable, so I don't see how this is really impactful.
The bug report indicates that this is fixed in 3.2.8a and we only have 3.2.8b in the repository right now. GLSA vote: no.