gerbv - Debian Package Tracker

general

source: gerbv (main)
version: 2.9.2-1
maintainer: Debian Electronics Team (archive) (DMD)
uploaders: Gudjon I. Gudjonsson [DMD] – Carsten Schoenert [DMD]
arch: any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6.1-2
o-o-sec: 2.6.1-2+deb9u1
oldstable: 2.7.0-1
stable: 2.7.0-2+deb11u1
testing: 2.9.2-1
unstable: 2.9.2-1

versioned links

2.6.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6.1-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.7.0-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gerbv

action needed

4 security issues in buster high

There are 4 open security issues in buster.

2 important issues:

CVE-2021-40401: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40403: An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

2 issues postponed or untriaged:

CVE-2021-40393: (needs triaging) An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40394: (needs triaging) An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Created: 2022-07-04 Last update: 2022-08-01 13:40

4 security issues in bullseye high

There are 4 open security issues in bullseye.

2 important issues:

CVE-2021-40401: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40403: An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.

2 issues left for the package maintainer to handle:

CVE-2021-40393: (needs triaging) An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40394: (needs triaging) An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-01 13:40

Depends on packages which need a new maintainer normal

The packages that gerbv depends on which need a new maintainer are:

extra-xdg-menus (#981051)
- Recommends: extra-xdg-menus

Created: 2021-01-25 Last update: 2022-08-17 09:02

lintian reports 11 warnings normal

Lintian reports 11 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-09-06 Last update: 2022-07-30 12:13

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

gerbv: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:13

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2020-02-26 10:49

news

[rss feed]

[2022-06-24] gerbv 2.9.2-1 MIGRATED to testing (Debian testing watch)
[2022-06-19] Accepted gerbv 2.9.2-1 (source) into unstable (Carsten Schoenert)
[2021-12-29] gerbv 2.8.2-1 MIGRATED to testing (Debian testing watch)
[2021-12-24] Accepted gerbv 2.7.0-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Carsten Schoenert)
[2021-12-24] Accepted gerbv 2.8.2-1 (source) into unstable (Carsten Schoenert)
[2021-12-05] Accepted gerbv 2.7.0-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Carsten Schoenert)
[2021-12-03] Accepted gerbv 2.6.1-2+deb9u1 (source) into oldoldstable (Anton Gladky)
[2021-12-02] gerbv 2.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-11-27] Accepted gerbv 2.8.1-1 (source) into unstable (Carsten Schoenert)
[2021-11-19] gerbv 2.8.0-1 MIGRATED to testing (Debian testing watch)
[2021-11-13] Accepted gerbv 2.8.0-1 (source) into unstable (Carsten Schoenert)
[2021-11-12] gerbv 2.7.1-1 MIGRATED to testing (Debian testing watch)
[2021-11-07] Accepted gerbv 2.7.1-1 (source) into unstable (Carsten Schoenert)
[2020-06-12] gerbv 2.7.0-2 MIGRATED to testing (Debian testing watch)
[2020-06-07] Accepted gerbv 2.7.0-2 (source) into unstable (Carsten Schoenert)
[2019-03-01] gerbv 2.7.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-18] Accepted gerbv 2.7.0-1 (source) into unstable (Carsten Schoenert)
[2019-01-18] gerbv 2.6.2-1 MIGRATED to testing (Debian testing watch)
[2019-01-13] Accepted gerbv 2.6.2-1 (source) into unstable (Gudjon I. Gudjonsson) (signed by: Carsten Schoenert)
[2017-11-29] gerbv 2.6.1-3 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted gerbv 2.6.1-3 (source amd64) into unstable (أحمد المحمودي (Ahmed El-Mahmoudy)) (signed by: Jonathan McDowell)
[2017-01-27] gerbv 2.6.1-2 MIGRATED to testing (Debian testing watch)
[2017-01-16] Accepted gerbv 2.6.1-2 (source) into unstable (Dr. Tobias Quathamer)
[2017-01-06] gerbv 2.6.1-1 MIGRATED to testing (Debian testing watch)
[2016-12-26] Accepted gerbv 2.6.1-1 (source) into unstable (Dr. Tobias Quathamer)
[2016-04-08] gerbv 2.6.0-1.1 MIGRATED to testing (Debian testing watch)
[2016-04-02] Accepted gerbv 2.6.0-1.1 (source) into unstable (Tobias Frost)
[2012-04-18] gerbv 2.6.0-1 MIGRATED to testing (Debian testing watch)
[2012-04-07] Accepted gerbv 2.6.0-1 (source i386) (Gudjon I. Gudjonsson) (signed by: Wesley J. Landaker)
[2011-06-24] gerbv 2.5.0-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 11)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (-, 100)

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.9.2-1
1 bug