-------------------------------------------------------------------------
Debian LTS Advisory DLA-3353-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
March 05, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : xfig
Version        : 1:3.2.7a-3+deb10u1
CVE ID         : CVE-2021-40241
Debian Bug     : 992395

A security issue has been discovered in xfig, a diagramming tool for the
interactive generation of figures under X11.

CVE-2021-40241:

    A potential buffer overflow exists in the file src/w_help.c at line 55.
    Specifically, the length of the string returned by getenv("LANG") may
    become very long and cause a buffer overflow while executing the
    sprintf() function. This vulnerability could potentially allow an
    attacker to execute arbitrary code or cause a denial-of-service
    condition.

For Debian 10 buster, this problem has been fixed in version
1:3.2.7a-3+deb10u1.

We recommend that you upgrade your xfig packages.

For the detailed security status of xfig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xfig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
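
The bug class described under CVE-2021-40241, shown as an added C example that is not taken from this advisory or from xfig's source: an unbounded sprintf() of an environment value into a fixed buffer, next to a bounded form that treats truncation as an error. The function names, the path layout and HELP_PATH_MAX are hypothetical, and the oversized LANG value is constructed.

```c
/* Added illustration. Function names, the path layout and HELP_PATH_MAX are
 * hypothetical; this is not the code from xfig's src/w_help.c. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HELP_PATH_MAX 64  /* hypothetical fixed-size destination */

/* Unsafe pattern of the kind the advisory describes: LANG is of arbitrary
 * length and sprintf() writes it into a fixed buffer with no bound. */
void help_path_unsafe(char out[HELP_PATH_MAX], const char *docdir)
{
    const char *lang = getenv("LANG");
    sprintf(out, "%s/html/%s/index.html", docdir, lang ? lang : "en");
}

/* Hardened form: the write is bounded by outlen and truncation is an error.
 * Returns 0 on success, -1 if the path does not fit (out is then empty). */
int help_path_checked(char *out, size_t outlen, const char *docdir,
                      const char *lang)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    if (lang == NULL || *lang == '\0')
        lang = "en";
    n = snprintf(out, outlen, "%s/html/%s/index.html", docdir, lang);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[HELP_PATH_MAX];
    char long_lang[256];  /* constructed oversized LANG value */

    memset(long_lang, 'A', sizeof long_lang - 1);
    long_lang[sizeof long_lang - 1] = '\0';

    printf("%d\n", help_path_checked(path, sizeof path, "/usr/share/doc/x", getenv("LANG")));
    printf("%d\n", help_path_checked(path, sizeof path, "/usr/share/doc/x", long_lang));
    return 0;
}
```

Checking the snprintf() return value against the buffer size is what distinguishes a rejected oversized value from a silently truncated path.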