Source: openscad
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

* What led up to the situation?

Upstream has reported two out-of-bounds memory access bugs, which have been assigned CVEs:

https://github.com/openscad/openscad-security-advisory/issues/3 CVE-2022-0497
https://github.com/openscad/openscad-security-advisory/issues/4 CVE-2022-0496

The impact of the bugs looks not very severe at first glance (read access outside of memory array). But since there are associated CVEs it seems useful to track for Debian.

Patches, including backported versions, are available from upstream.

-- Package-specific info:
Output of /usr/share/bug/openscad:

$ glxinfo |grep 'OpenGL .* string:'
OpenGL vendor string: Intel
OpenGL renderer string: Mesa Intel(R) UHD Graphics 620 (KBL GT2)
OpenGL core profile version string: 4.6 (Core Profile) Mesa 20.3.5
OpenGL core profile shading language version string: 4.60
OpenGL version string: 4.6 (Compatibility Profile) Mesa 20.3.5
OpenGL shading language version string: 4.60
OpenGL ES profile version string: OpenGL ES 3.2 Mesa 20.3.5
OpenGL ES profile shading language version string: OpenGL ES GLSL ES 3.20

-- System Information:
Debian Release: 11.2
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- debconf-show failed