Source: gerbv Version: 2.9.8-1 Severity: important Tags: security upstream Forwarded: https://github.com/gerbv/gerbv/issues/191 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for gerbv. CVE-2023-4508[0]: | A user able to control file input to Gerbv, between versions 2.4.0 | and 2.10.0, can cause a crash and cause denial-of-service with a | specially crafted Gerber RS-274X file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-4508 https://www.cve.org/CVERecord?id=CVE-2023-4508 [1] https://github.com/gerbv/gerbv/issues/191 [2] https://github.com/gerbv/gerbv/pull/192 [3] https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a Please adjust the affected versions in the BTS as needed. Regards, Salvatore
