Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted fig2dev 1:3.2.8-3+deb11u3 (source) into oldstable-security
Date: Wed, 30 Apr 2025 17:50:22 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 Apr 2025 16:32:32 +0200
Source: fig2dev
Architecture: source
Version: 1:3.2.8-3+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 fig2dev (1:3.2.8-3+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-46397: Stack overflow vulnerability in bezier_spline().
   * Fix CVE-2025-46398: Stack overflow vulnerability in read_objects().
   * Fix CVE-2025-46399: Segmentation fault issue in genge_itp_spline().
   * Fix CVE-2025-46400: Segmentation fault issue in read_arcobject().
   * Fix potential segfault when freeing arc objects read from version 1.3 fig
     files.
   * Fix stack overflow issue when translating splines where the first control
     point is a huge value.
Checksums-Sha1:
 71ff71d47014e2ce267c34959e57bd043a4e03df 2322 fig2dev_3.2.8-3+deb11u3.dsc
 4e0ff5d034d1a6da596ac1dd5692ab1337dcd1ef 220180 fig2dev_3.2.8-3+deb11u3.debian.tar.xz
 a17af8ef3c71d0f6202afcac1fa9c378a8f0c49c 9757 fig2dev_3.2.8-3+deb11u3_amd64.buildinfo
Checksums-Sha256:
 82c72ebc9340f498285426bb8dbdbbe6d978f6f7747e9db27f29b3afa7ae5837 2322 fig2dev_3.2.8-3+deb11u3.dsc
 fcaafa98216a6f6f26d56b8b5c6567ce299c8adfbb8891f70fd3a3d48b2e17b3 220180 fig2dev_3.2.8-3+deb11u3.debian.tar.xz
 d69422ca326770a23d626b8a9420a9e441f410ac6689ecaec6e6246edfcb5214 9757 fig2dev_3.2.8-3+deb11u3_amd64.buildinfo
Files:
 09b364c7fc58e937f80898e66a6572e2 2322 graphics optional fig2dev_3.2.8-3+deb11u3.dsc
 26d22f36717e71107cad1e104b8afe0c 220180 graphics optional fig2dev_3.2.8-3+deb11u3.debian.tar.xz
 0a2edd5f5d3b9514573bd34be23f33ce 9757 graphics optional fig2dev_3.2.8-3+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmgSNWwACgkQ05pJnDwh
pVI3/RAAid0FbL3VytwfF3mtrojYgnwga92dDHvWZoDAgxrHgNOZSzhNydn+5fag
0ik/ZT/PdwBxay4N+5SIOmtjK9WK2Nvir6qIsrUD19rp+1KPL/IDmbAVsJcYu/2h
B/ugWRn6xd4ndjHUinUCIDLK7K5vXNUoDjdzciU7nTdXqqbZqgIt7uYF/m0sOnJF
StEbd8qulxxt7Ni1vW6O8muNxOM8Yt2rHo5PJAoAESUxYAI1nHIMQ/pd5Bs3YD96
n56tIhyPDEMEfqf0htmyaLzDzk+J1OGZIA5AEj6zCd1fJLzySRqPX8TJYDbBWwSH
7ShUpAA8NHR8FQ675a8eowS/lOdcuHeOGCWuUEraviQBmxYdEbQASmyF+IdhiLsl
Xi3tEz+izuOQ+RaRYu67Dt5YbRaXPOimrZMQGcRnn3nW5SIgujhc8qXFE1kNvLli
/fw1I63g6q3wYQSrEPiuoLd4Ur0mc994DxohvjRVPue9K75jucYFKIH4OwDTPxmx
LCK80vKPKoIOvs6NCCqbKwnBZWr3vY/ttgC9xXO6XFX4VHpAIs+h4QKrhNcdf1Vv
TfXcgycJq6EXSxx6vLahIfS86riOBwTis2vgrPdsoRTMNHJVXm8D/z9HXpD0JV/O
tcUXYfsFZV2+CzlLd4mym/aDTcARjfG/P/jRbfwmM+8Q1UEtExw=
=H/3V
-----END PGP SIGNATURE-----

News for package fig2dev