Bug#876139: pcb-rnd user security patch
Package: release.debian.org

The pcb-rnd upstream has released a patch that closes a hole
through which arbitrary code can be executed if a user opens a
maliciously crafted printed circuit board design file.

There is no known instance of this being exploited in the field, there
is no root escalation, and the probability of someone opening a random
malicious printed circuit board design file is low. However, upstream
has provided a clean patch for version 1.1.4, so I think we should
update the package in stable.

Discussion with the security team led to the determination that this
doesn't meet the bar for a DSA update via security.debian.org, but we
agree it would be good to fix via point release.

I will prepare and upload a new version 1.1.4-2 targeting the stable
distribution later today.

Bdale