Format: 1.8
Date: Wed, 05 Jul 2023 17:10:48 +0300
Source: gerbv
Binary: gerbv
Architecture: amd64
Version: 2.7.0-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: George-Andrei Iosif
Description:
 gerbv - Gerber file viewer (only RS 274 X format)
Changes:
 gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds write when processing T code
     - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
       invalid tool number in src/drill.c.
     - CVE-2021-40391
   * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
     - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
       used when pushing and popping from memory in src/gerber.c.
     - CVE-2021-40393
   * SECURITY UPDATE: integer overflow when processing RS-274X files
     - debian/patches/CVE-2021-40394.patch: Checks if the input parameters can
       produce an integer overflow in src/gerber.c.
     - CVE-2021-40394
   * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
     - debian/patches/CVE-2021-40400.patch: Limits the read location to the
       intentionally readable memory in src/gerber.c.
     - CVE-2021-40400
   * SECURITY UPDATE: use after free when processing RS-274X definitions
     - debian/patches/CVE-2021-40401.patch: Checks a function parsing strings
       to not return NULL in src/gerber.c.
     - CVE-2021-40401
   * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
     - debian/patches/CVE-2021-40403.patch: Checks the return code of a sscanf
       call in src/pick-and-place.c.
     - CVE-2021-40403
Checksums-Sha1:
 d3417644b41a70fc97b8d848890efc29ebfd9479 421256 gerbv-dbgsym_2.7.0-1ubuntu0.1_amd64.ddeb
 6310ee0d846914986704a96f8af16cdaf695bf7e 11702 gerbv_2.7.0-1ubuntu0.1_amd64.buildinfo
 617e8b81787c483c85906edd3d61a8e702923ea4 1652508 gerbv_2.7.0-1ubuntu0.1_amd64.deb
Checksums-Sha256:
 19ac2a1b085b11049218e8c80116bc4c5e95e157fc1268ee7df1739125bc31d5 421256 gerbv-dbgsym_2.7.0-1ubuntu0.1_amd64.ddeb
 183b1f3954348b61a08d4c34d45d57daab5a95f39d4e586db7ae5e05c5833461 11702 gerbv_2.7.0-1ubuntu0.1_amd64.buildinfo
 a4acff10fc6d4ebc8c15471e8ffbf6fd79f76fd9bf53a5b1a68f38059fa8622a 1652508 gerbv_2.7.0-1ubuntu0.1_amd64.deb
Files:
 4fbce5ae1d6218371c5f26abfa747e81 421256 debug optional gerbv-dbgsym_2.7.0-1ubuntu0.1_amd64.ddeb
 bdcffa02e337e3fb3e966f33cafafcd1 11702 electronics optional gerbv_2.7.0-1ubuntu0.1_amd64.buildinfo
 510285474ed748774cb8c5aae82957b9 1652508 electronics optional gerbv_2.7.0-1ubuntu0.1_amd64.deb
Original-Maintainer: Debian Electronics Team