
[SECURITY] [DLA 4134-1] fig2dev security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4134-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 21, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : fig2dev
Version        : 1:3.2.8-3+deb11u2
CVE ID         : CVE-2025-31162 CVE-2025-31163 CVE-2025-31164

Multiple vulnerabilities have been fixed in the fig2dev utilities for 
converting XFig figure files.

CVE-2025-31162

    floating point exception with huge pattern lengths

CVE-2025-31163

    non-rejection of arcs with co-incident points

CVE-2025-31164

    heap buffer overflow on arc-box with zero radius

For Debian 11 bullseye, these problems have been fixed in version
1:3.2.8-3+deb11u2.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fig2dev

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

