CVE-2019-14275 (https://nvd.nist.gov/vuln/detail/CVE-2019-14275): Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
Fixed in 3.2.7b. Patch: https://sourceforge.net/p/mcj/fig2dev/ci/03ea4578258d2d9ca1ceb080e469ad261db39ef0/
CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797): read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
(In reply to GLSAMaker/CVETool Bot from comment #2)
> CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797):
> read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
https://sourceforge.net/p/mcj/tickets/67/
(In reply to Sam James (sec padawan) from comment #3)
> (In reply to GLSAMaker/CVETool Bot from comment #2)
> > CVE-2019-19797 (https://nvd.nist.gov/vuln/detail/CVE-2019-19797):
> > read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
>
> https://sourceforge.net/p/mcj/tickets/67/
Appears to be fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/
We also have CVE-2018-16140: "A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file."
Issue: https://sourceforge.net/p/mcj/tickets/28/
Patch: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
Also fixed in 3.2.7b.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c76540d35e33b244bb00d4a36a226d7afefb05f8
commit c76540d35e33b244bb00d4a36a226d7afefb05f8
Author: Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-10-02 07:38:42 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-10 07:22:34 +0000
    media-gfx/xfig: bump to 3.2.7b
    Bug: https://bugs.gentoo.org/718806
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17744
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>
 media-gfx/xfig/Manifest | 1 +
 media-gfx/xfig/xfig-3.2.7b.ebuild | 49 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
amd64 stable
arm stable
ppc stable
ppc64 stable
sparc stable
x86 stable
hppa stable
Please cleanup.
Resetting sanity check; package list is empty or all packages are done.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=558c348423a6dd18867947c421b60c8fe6cfddd9
commit 558c348423a6dd18867947c421b60c8fe6cfddd9
Author: Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-10-16 06:10:58 +0000
Commit: Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2020-10-16 09:16:02 +0000
    media-gfx/xfig: security cleanup
    Bug: https://bugs.gentoo.org/718806
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17946
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>
 media-gfx/xfig/Manifest | 1 -
 media-gfx/xfig/xfig-3.2.6a-r1.ebuild | 47 ------------------------------------
 2 files changed, 48 deletions(-)
Thanks all. Needs vote.
GLSA vote: no! Closing.