Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 718806 (CVE-2019-14275, CVE-2019-19797) - <media-gfx/xfig-3.2.7b: Multiple vulnerabilities (CVE-2019-{14275,19797})
Summary: <media-gfx/xfig-3.2.7b: Multiple vulnerabilities (CVE-2019-{14275,19797})
Status: RESOLVED FIXED
Alias: CVE-2019-14275, CVE-2019-19797
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://sourceforge.net/p/mcj/tickets...
Whiteboard: B3 [noglsa cve]
Keywords: PullRequest
Depends on: 747559
Blocks:
  Show dependency tree
 
Reported: 2020-04-22 00:35 UTC by GLSAMaker/CVETool Bot
Modified: 2020-11-13 18:05 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-22 00:35:53 UTC
CVE-2019-14275 (https://nvd.nist.gov/vuln/detail/CVE-2019-14275):
  Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow
  function in bound.c.
Comment 1 Sam James archtester gentoo-dev Security 2020-04-22 00:47:23 UTC
Fixed in 3.2.7b.

Patch: https://sourceforge.net/p/mcj/fig2dev/ci/03ea4578258d2d9ca1ceb080e469ad261db39ef0/
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-01 03:51:49 UTC
CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797):
  read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
Comment 3 Sam James archtester gentoo-dev Security 2020-05-01 03:53:15 UTC
(In reply to GLSAMaker/CVETool Bot from comment #2)
> CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797):
>   read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.

https://sourceforge.net/p/mcj/tickets/67/
Comment 4 John Helmert III gentoo-dev Security 2020-06-30 20:03:18 UTC
(In reply to Sam James (sec padawan) from comment #3)
> (In reply to GLSAMaker/CVETool Bot from comment #2)
> > CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797):
> >   read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
> 
> https://sourceforge.net/p/mcj/tickets/67/

Appears to be fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/

We also have CVE-2018-16140:

"A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file."

Issue: https://sourceforge.net/p/mcj/tickets/28/
Patch: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830

Also fixed in 3.2.7b.
Comment 5 Larry the Git Cow gentoo-dev 2020-10-10 07:22:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c76540d35e33b244bb00d4a36a226d7afefb05f8

commit c76540d35e33b244bb00d4a36a226d7afefb05f8
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-10-02 07:38:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-10 07:22:34 +0000

    media-gfx/xfig: bump to 3.2.7b
    
    Bug: https://bugs.gentoo.org/718806
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17744
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-gfx/xfig/Manifest           |  1 +
 media-gfx/xfig/xfig-3.2.7b.ebuild | 49 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
Comment 6 Agostino Sarubbo gentoo-dev 2020-10-14 09:17:34 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-10-14 09:17:58 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-10-14 09:18:19 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-10-14 09:18:39 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-10-14 09:18:59 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-10-14 19:22:55 UTC
x86 stable
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2020-10-15 22:42:27 UTC
hppa stable
Comment 13 John Helmert III gentoo-dev Security 2020-10-16 01:21:49 UTC
Please cleanup.
Comment 14 NATTkA bot gentoo-dev 2020-10-16 01:25:06 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 15 Larry the Git Cow gentoo-dev 2020-10-16 09:17:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=558c348423a6dd18867947c421b60c8fe6cfddd9

commit 558c348423a6dd18867947c421b60c8fe6cfddd9
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-10-16 06:10:58 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-16 09:16:02 +0000

    media-gfx/xfig: security cleanup
    
    Bug: https://bugs.gentoo.org/718806
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17946
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 media-gfx/xfig/Manifest              |  1 -
 media-gfx/xfig/xfig-3.2.6a-r1.ebuild | 47 ------------------------------------
 2 files changed, 48 deletions(-)
Comment 16 John Helmert III gentoo-dev Security 2020-10-16 13:54:05 UTC
Thanks all. Needs vote.
Comment 17 Sam James archtester gentoo-dev Security 2020-11-13 18:05:11 UTC
GLSA vote: no!

Closing.