Format: 1.8
Date: Wed, 05 Jul 2023 17:10:48 +0300
Source: gerbv
Binary: gerbv
Architecture: armhf
Version: 2.7.0-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-042.buildd>
Changed-By: George-Andrei Iosif <andrei.iosif@canonical.com>
Description:
 gerbv      - Gerber file viewer (only RS 274 X format)
Changes:
 gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds write when processing T code
     - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
       invalid tool number in src/drill.c.
     - CVE-2021-40391
   * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
     - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
       used when pushing and popping from memory in src/gerber.c.
     - CVE-2021-40393
   * SECURITY UPDATE: integer overflow when processing RS-274X files
     - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
       can produce an integer overflow in src/gerber.c.
     - CVE-2021-40394
   * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
     - debian/patches/CVE-2021-40400.patch: Limits the read location to the
       intentionally readable memory in src/gerber.c.
     - CVE-2021-40400
   * SECURITY UPDATE: use after free when processing RS-274X definitions
     - debian/patches/CVE-2021-40401.patch: Checks a function parsing
       strings to not return NULL in src/gerber.c.
     - CVE-2021-40401
   * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
     - debian/patches/CVE-2021-40403.patch: Checks the return code of a
       sscanf call in src/pick-and-place.c.
     - CVE-2021-40403
Checksums-Sha1:
 66f210129d759fe88f5038b8fd5a9d2e05616e56 419792 gerbv-dbgsym_2.7.0-1ubuntu0.1_armhf.ddeb
 6bb8f603be89a4d2d47fbfd7baaca02d49bfabc7 11554 gerbv_2.7.0-1ubuntu0.1_armhf.buildinfo
 7f43a1f2845c116d2de3bc216f39cae367802af0 1621000 gerbv_2.7.0-1ubuntu0.1_armhf.deb
Checksums-Sha256:
 a9807850554d15a86fe9500b6946dd7c6c6272606addfed08f6b86d4bcdcd6bc 419792 gerbv-dbgsym_2.7.0-1ubuntu0.1_armhf.ddeb
 15799dd869c49a7cc27ab7cdebb527f5000a088a8ef6576ad385dc8cc131028c 11554 gerbv_2.7.0-1ubuntu0.1_armhf.buildinfo
 245d14125cd8d0f21442481f29a3260867e77ed7fa3350f8ef2dfb98c8c88144 1621000 gerbv_2.7.0-1ubuntu0.1_armhf.deb
Files:
 0af7783b2ef74691c9fd8d1b047aa81d 419792 debug optional gerbv-dbgsym_2.7.0-1ubuntu0.1_armhf.ddeb
 dd93f48de5e1bda4069b3b2849935c81 11554 electronics optional gerbv_2.7.0-1ubuntu0.1_armhf.buildinfo
 cd5f2fc2eb38d5af98e52e64b410d9bf 1621000 electronics optional gerbv_2.7.0-1ubuntu0.1_armhf.deb
Original-Maintainer: Debian Electronics Team <pkg-electronics-devel@alioth-lists.debian.net>