Headline
CVE-2021-40241: #992395 - xfig: Potential Buffer Overflow vulnerability in src/w_help.c
xfig 3.2.7 is vulnerable to Buffer Overflow.
Toggle useless messages
Report forwarded to [email protected], [email protected], Roland Rosenfeld [email protected]:
Bug#992395; Package xfig. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).
Acknowledgement sent to “Potential Buffer Overflow vulnerability in xfig-3.2.7b” [email protected]:
New Bug report received and forwarded. Copy sent to [email protected], Roland Rosenfeld [email protected]. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).
Message #5 received at [email protected] (full text, mbox, reply):
Package: xfig Version: xfig Severity: important
Dear Maintainer,
It seems that there exists a potential Buffer Overflow. (src/w_help.c:55) sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv(“LANG”));
the length of getenv(“LANG”) may become very long and cause Buffer Overflow while executing sprintf(…).
-System Information: Debian Release: 11.0 APT prefers oldstable-updates APT policy: (500, ‘oldstable-updates’), (500, ‘oldstable’) Architecture: amd64 (x86_64)
Kernel: Linux 4.4.0-19041-Microsoft Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
Versions of packages xfig depends on: pn fig2dev | transfig <none> ii libc6 2.31-13 ii libjpeg62-turbo 1:1.5.2-2+deb10u1 ii libpng16-16 1.6.36-6 ii libx11-6 2:1.6.7-1+deb10u2 ii libxi6 2:1.7.9-1 pn libxpm4 <none> ii libxt6 1:1.1.5-1+b3 ii sensible-utils 0.0.14 pn xaw3dg <none>
Versions of packages xfig recommends: pn xfig-libs <none>
Versions of packages xfig suggests: pn cups-client | lpr <none> pn ghostscript <none> pn gimp <none> pn gsfonts-x11 <none> pn netpbm <none> pn spell <none> pn xfig-doc <none>
Reply sent to Roland Rosenfeld [email protected]:
You have taken responsibility. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).
Notification sent to “Potential Buffer Overflow vulnerability in xfig-3.2.7b” [email protected]:
Bug acknowledged by developer. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).
Message #12 received at [email protected] (full text, mbox, reply):
Source: xfig Source-Version: 1:3.2.8a-1 Done: Roland Rosenfeld [email protected]
We believe that the bug you reported is fixed in the latest version of xfig, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software pp. Roland Rosenfeld [email protected] (supplier of updated xfig package)
(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Format: 1.8 Date: Fri, 20 Aug 2021 13:26:32 +0200 Source: xfig Architecture: source Version: 1:3.2.8a-1 Distribution: unstable Urgency: medium Maintainer: Roland Rosenfeld [email protected] Changed-By: Roland Rosenfeld [email protected] Closes: 992395 Changes: xfig (1:3.2.8a-1) unstable; urgency=medium . * New upstream release 3.2.8a. * 07_missing-config.h, 08_fig-format-doc, 09_repair-table-doc are now incorporated upstream. * Adapt file preservation to new upstream version. * Update debian/copyright. * Move xfig binary to /usr/libexec/xfig/xfig. * Package test binaries and use them in autopkgtest. * Update to Standards-Version 4.6.0 (no changes). * 07_LANG_overflow: Avoid buffer overflow in LANG (Closes: #992395). Checksums-Sha1: 3c61e420b37da903f6a7e246fb0bacdab13c5ab8 2268 xfig_3.2.8a-1.dsc 0ac17ad33fdc8d570c187641e3d62ca9cd8faa2e 5380896 xfig_3.2.8a.orig.tar.xz cd9de585ba1cf9f60cb888db8e6c23aedac8db8a 31736 xfig_3.2.8a-1.debian.tar.xz 7ec24ede8ad6c45982f1d6daecdf8eb2bbeb78db 8802 xfig_3.2.8a-1_source.buildinfo Checksums-Sha256: 5ccff8d437f6cca74c999902606c5288bc2faa3d4e369fbf5e9e41f06f528b83 2268 xfig_3.2.8a-1.dsc ba43c0ea85b230d3efa5a951a3239e206d0b033d044c590a56208f875f888578 5380896 xfig_3.2.8a.orig.tar.xz 5bce4925951b4da43606ea0fdbc58e6d5bd586db5d3288f1b6abd2f69bc7dbe8 31736 xfig_3.2.8a-1.debian.tar.xz 8b72190e5c937543ef4692e84125a5bc816e234e68982b38f2c2d9f63e48f407 8802 xfig_3.2.8a-1_source.buildinfo Files: 47505378c399e92bd8320c9e7c3cfa26 2268 graphics optional xfig_3.2.8a-1.dsc 58dd2b6f9f17d7006c78156ce2da0073 5380896 graphics optional xfig_3.2.8a.orig.tar.xz 21becafff522811fd703ad707848b2c8 31736 graphics optional xfig_3.2.8a-1.debian.tar.xz 1ad72572a407e7d1ee3be3d287bbf4f4 8802 graphics optional xfig_3.2.8a-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAmEfkesACgkQAnE7z8pU ELK3ihAAjb2QzTyLRtUVTT50trBehzl8WJvfo7txeYBvJZup+j0hd0T46EFlpZ7M gTFTN2zxWf7w8WUYQyfSqM7anzl3otEEaLSQ3kE3vzo+ZH9T0J98m2F/OQbEqF1u QLbZxQF4f8M98s3TY3qBrE8Q+jN9CxcAaHMD4raoUw5LVz6FJ8c/l/xg8AQN2ekK YWwwhZnxRWJjM3mu6hK7Cj9ihOsrs6f9q10t08q6sKVnuWLTUuvl5mGB3cDd/zHk YNJ724pBwqUNPU1sDfGl6/DWiuWjmJwaQ1H/MnPEnV/7Utu3adfvF7AAodmxuV91 Jvx5Tb9VqnY84eRdCi2zFFyMKk4Kv6VXNLcOtFbpg7chFcWApIm+NY4Ql5s21yZg JJZgrVHEo1rjqGbNQ9dnQHN8qZCANeKbJ44eGDgFnYPrUr963TWHhbDOOcwgU4sS /HQf6aeq6OtXU5gSpLW2yfex2PAPustTmedREnSLuI3V5yiQxNa3Z8fQe3I36AKR f0M4PU0c8JFEucA4ocwnzKflGsEqwGd/0OOSiPLShCdE+iaBrbz7FaOnQBO81Oyx KUEXbL19EgBvSiz1oXIuVxgoObcEx2PK+W8uw1RkWq7Y2yjfx2N+kuDvTsJAEDzA xYOtje3y6/VKKGWBVlDz8rFJSBA0hSY68XS+xQTzFPnNIU5wFPw= =/r76 -----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request [email protected] to [email protected]. (Sat, 18 Sep 2021 07:29:13 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <[email protected]>. Last modified: Mon Oct 31 16:35:27 2022; Machine Name: buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.