• [SECURITY] [DSA 5653-1] gtkwave security update

    From Moritz Muehlenhoff@21:1/5 to All on Sat Apr 6 09:52:04 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5653-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    April 03, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gtkwave
    CVE ID : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
    CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703
    CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957
    CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961
    CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969
    CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994
    CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746
    CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915
    CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417
    CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442
    CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446
    CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575
    CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921
    CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618
    CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622
    CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650
    CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657
    CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271
    CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275
    CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414
    CVE-2023-39443 CVE-2023-39444

    Claudio Bozzato discovered multiple security issues in gtkwave, a file
    waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if malformed files are opened.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 3.3.104+really3.3.118-0+deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in version 3.3.118-0.1~deb12u1.

    We recommend that you upgrade your gtkwave packages.

    For the detailed security status of gtkwave please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/gtkwave

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYNpa8ACgkQEMKTtsN8 TjaBoRAAm9RrMuWHsKODDA8KffviTPutfYnisOLvciRUZqUHbvYQExE0o/G/JMUh 21d80NA0jdkZgkGePfnoLRKy95fGu6hL0jgNBt8A/Irmx+uji00MjD+sFAAH42Zm DrrKRRmDmUywuOyNVWDm2Zr0LlbjAEvXmdwA6bRO6CueaWGYXYuTn3JQZCUNfsHr ciLi6qY5LsR7kEH866ue9PqDxb8Zfmnqm+C/OZZQT3yevXwENANkXR731O7tLuYh LWr4WC9DfXzfyG5MYQkbQ989XhUUCPBOYfZIRCqAuh45lFrorNGY7WE+DtLgdeoM q9DlRylsTuMW38A+AtON9TnH4o8fXQWoLI+g4MoVddxmJucDrTnBVESnqIMXSxh+ YZ6zCNcpRZWdviYxvLXQsbqiE/29XPpxkkSyFvvQumnSRILhgyjF8p+urUbHN6/S 8dF7TEa2lAZ0aQcKiz4xXFSlbGGjKx236CKuW8RYTpTc+Sp/x+1RxeF8cw00tfKZ Rl2/1BsAbI4bg/Mvf1XwmH5GM4OQB8O3yQIgaU880rSnCyP+S4F8uAR+09JoOSdc Ab+sm8qDvQjrh+qJ0meU75mWQI8eiEczhdY+DtB+mtfHd8GIjNDaNM7u7vHTHA9w QAitcjd/hlMhBtYyP8aZzUpSYMfA6AjySmwDFLU/URgKi687yWM=
    =Dwin
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)