-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 07 Jan 2020 19:53:09 +0100 Source: fig2dev Architecture: source Version: 1:3.2.7a-5+deb10u3 Distribution: buster Urgency: medium Maintainer: Roland Rosenfeld <roland@debian.org> Changed-By: Roland Rosenfeld <roland@debian.org> Closes: 946628 946866 Changes: fig2dev (1:3.2.7a-5+deb10u3) buster; urgency=medium . * 42_CVE-2019-19746: Reject huge arrow types causing integer overflow. This fixes CVE-2019-19746 (Closes: #946628). * 43_fgets2getline: Replace most calls to fgets() by getline() in read.c. This fixes CVE-2019-19797 and several other segfaults (Closes: #946866). Checksums-Sha1: 2f533312a54f2b9b4eb3f554142e222beb0e3795 2264 fig2dev_3.2.7a-5+deb10u3.dsc 059e56314654871ec65f493d8c27289de31788e6 229696 fig2dev_3.2.7a-5+deb10u3.debian.tar.xz 0df3a471fd8717dc54d4d097b67063ebb1ddf6bc 9021 fig2dev_3.2.7a-5+deb10u3_source.buildinfo Checksums-Sha256: 4158ba63d6e9ba74337967ec13b6670a52f28cc78a04ac6ab32417bed02198bb 2264 fig2dev_3.2.7a-5+deb10u3.dsc f78abbb17ba2b0fe3b98c3be51def71161d4df8a8d68e96ae047b5cd8ccedd28 229696 fig2dev_3.2.7a-5+deb10u3.debian.tar.xz 8394a15967a8d837d33564631191627807de1278b4fdca9827fc0cebc68bbc2c 9021 fig2dev_3.2.7a-5+deb10u3_source.buildinfo Files: 7d82715329e10f895b7d123377617a90 2264 graphics optional fig2dev_3.2.7a-5+deb10u3.dsc 07d5a58a18ecbcadfd26dc57a8542014 229696 graphics optional fig2dev_3.2.7a-5+deb10u3.debian.tar.xz c95d84aa42ceee66f448b69884dda716 9021 graphics optional fig2dev_3.2.7a-5+deb10u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAl4U09AACgkQAnE7z8pU ELKOmw/6AhCvUa1SuGmQbvZr9v8wyQjrZsh7SYl2kR6sMulE0o9VDZd84FOu975v JG1aP0cF3vn/IrU+Nm+eEME+BRmNUysopWffGTfFbXWLlhOSEz3/YAjqXj1nAPxa Em833bzf5xfvYZuXsILMadZfJB5wbOhedIdZOYuUcWV5+vN7/rwRcsPXHWLEzk/p RHLOBzr/572vpMe5LnvHHcRf7+6d2U73U5Dvf2vbECLPebvCpiIpAQ9IgJrR7Ot4 J4b0WUvA3m6liQ0QwmXNn7uSqPT/RQ5mQ0MGvpQ5Kffg6taQ2cvd7RkEP7HLGh/t 0auBx9pLaPLFfG6HnWShM8xF5Y1xQJi9Qd1DR0F/oMPgMoRztJtVJ6ojRcFAjWOv xiFNJC2fzCyJmK9e/0HDwU+fcR1SmZJmIdjvM4wAoDOHxtvSuVyVbxmkowloN7PO 9kZXGLY90SAvdPLcDYTodfZMyx1I1qByg2yIkio8OD69JRzQlNYxg8IkW74BJAvj oYITqsl6e+T7bnEJg7lVwdDF9yw0NCc9CghNCNX+w+ub3hybRwPayUSzAn4CBQsV lWMnbgY+ohIIqElt4o4LeIIW46my5N4wT/Zmlf2aNIWIiQFw4SBOvF23Ptz17yBY CgqecfI2u4ChBgIoj4XIQ7KsC5noc7DgHF8E5zI1SkqXcBhrgvo= =M5bZ -----END PGP SIGNATURE-----