Re: xfig(1) in Debian 8/Jessie
Xfig 3.2.6a can be downloaded from sourceforge,
https://sourceforge.net/projects/mcj/, and compiled in Debian
8/Jessie, with "./configure --without-xaw3d" (if installed-apparently,
there is an issue between Debian 8/Jessie's xaw3d(3) and
xaw3d1_5e(3).)
This, apparently, fixes the core dump created by dot-dash-dot lines
being in a file, or being drawn by a user.
It is suggested that Debian 8/Jessie's repo be upgraded replacing the
vulnerable version.
John
John Conover writes:
>
> Hi Henrique. The problem was created by the Xfig 3.2 patchlevel 5b to
> 5c patchlevel, and has been fixed in 3.2.6, according to the xfig site
> at sourceforge.
>
> Might be a good idea to fix it in the repositories and updates because
> of application/x-xfig in ~/.mailcap vulnerabilities. (The problem
> doesn't effect Debian 7/Wheezy, or before, just Jessie and perhaps
> Stretch.)
>
> Thanks,
>
> John
>
> Henrique de Moraes Holschuh writes:
> > On Sun, 06 Aug 2017, John Conover wrote:
> > > On Debian 8/Jessie, i386, do:
> > >
> > > xfig xxx.fig
> > >
> > > Then, (draw a dash-dot-dash-dot line, anyplace):
> > >
> > > POLYLINE drawing
> > >
> > > Line Style
> > > select dash-dot-dash-dot ...
> > > and then draw a line, anyplace
> > >
> > > And, it does a SIGSEGV.
> >
> > Works on amd64/stretch. Does it work on i386/stretch?
> >
> > If it does, you could rebuild the stretch package in jessie and use
> > that...
> >
> > --
> > Henrique Holschuh
>
> --
>
> John Conover, conover@rahul.net, http://www.johncon.com/
--
John Conover, conover@rahul.net, http://www.johncon.com/
Reply to: