2023/03, FLOSS activity

Debian activities Link to heading

• Prepare and upload:

  • vtk9_9.2.6+dfsg1-1+exp1
  • svgpp_1.3.0+dfsg1-5, closing #1014599, CVE-2021-44960 and CVE-2019-6245, CVE-2019-6247

• Review and sponsor:

  • veusz_3.6.2-1

LTS / ELTS Link to heading

• Frontdesk / update of internal scripts / administrative work.

• Mark CVE-2009-4228 as not-affected (xfig)

• DLA-3353-1 xfig_3.2.7a-3+deb10u1

  • CVE-2021-40241: A potential Buffer Overflow exist in (src/w_help.c:55). The length of getenv(“LANG”) may become very long and cause Buffer Overflow while executing sprintf(…).

• DLA-3376-1 svgpp_1.2.3+dfsg1-6+deb10u1

  • CVE-2021-44960 The XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly. Specifically, it returned a null pointer prematurely at the second if statement, resulting in a null pointer reference behind the renderDocument function.
  • CVE-2019-6245 and CVE-2019-6247 issues were discovered in Anti-Grain Geometry (AGG) within the function agg::cell_aa::not_equal. Since svgpp is a header-only library, the issue is only transitive in theory. As a result, only a dependency version hardening has been added to the control file.