Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE: some
of these details are obtained from third party information.

Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and
earlier allows remote attackers to cause a denial of service
(application crash) via a long string in a malformed .fig file that
uses the 1.3 file format, possibly related to the readfp_fig function

CVE-2009-4227 is fixed in 3.2.5b and stabilization I guess will happen in bug 264575.
CVE-2009-4228 - IIUC Red Hat states fortify features should help us to avoid that problem, but there is still no patch for that issue.
- This package is using imake (bug 289296)
- Doesn't compile against vanilla libpng 1.4 (bug 308437)
- Is vulnerable (this bug)
No way, I'm maintaining that package. imake is not a bug. If you have bugs, file them and assign them to me.
Is this bug still valid?
CVE-2009-4228 is fixed in Xfig 3.2.5c 
 - http://xfig.org/art17.html
Maintainers, can we proceed to stabilize =media-gfx/xfig-3.2.5c ? Thanks
Yes, go ahead with stabilization:
Stable for HPPA.
Builds and runs fine on x86. Rdeps build fine as well. Please mark stable for x86
Stable on alpha.
Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
GLSA has been drafted and is ready for peer-review.
This issue was resolved and addressed in
GLSA 201412-14 at http://security.gentoo.org/glsa/glsa-201412-14.xml
by GLSA coordinator Sean Amoss (ackle).