Format: 1.8
Date: Wed, 05 Jul 2023 17:10:48 +0300
Source: gerbv
Binary: gerbv
Architecture: ppc64el
Version: 2.7.0-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-006.buildd>
Changed-By: George-Andrei Iosif <andrei.iosif@canonical.com>
Description:
 gerbv      - Gerber file viewer (only RS 274 X format)
Changes:
 gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds write when processing T code
     - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an
       invalid tool number in src/drill.c.
     - CVE-2021-40391
   * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
     - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses
       used when pushing and popping from memory in src/gerber.c.
     - CVE-2021-40393
   * SECURITY UPDATE: integer overflow when processing RS-274X files
     - debian/patches/CVE-2021-40394.patch: Checks if the input parameters
       can produce an integer overflow in src/gerber.c.
     - CVE-2021-40394
   * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
     - debian/patches/CVE-2021-40400.patch: Limits the read location to the
       intentionally readable memory in src/gerber.c.
     - CVE-2021-40400
   * SECURITY UPDATE: use after free when processing RS-274X definitions
     - debian/patches/CVE-2021-40401.patch: Checks a function parsing
       strings to not return NULL in src/gerber.c.
     - CVE-2021-40401
   * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
     - debian/patches/CVE-2021-40403.patch: Checks the return code of a
       sscanf call in src/pick-and-place.c.
     - CVE-2021-40403
Checksums-Sha1:
 5eaf8c472e796506a8d512d3bcae7af07fd7cd2b 509644 gerbv-dbgsym_2.7.0-1ubuntu0.1_ppc64el.ddeb
 890aca44be8b87ae6c4a7675254e2817ad82d38a 11723 gerbv_2.7.0-1ubuntu0.1_ppc64el.buildinfo
 c1b1dacee44654e966066196ae0ac7f089b0ffd5 1682704 gerbv_2.7.0-1ubuntu0.1_ppc64el.deb
Checksums-Sha256:
 c48053953561685cb70570a53dd25102461179c0de4b4c7e4c26539495472289 509644 gerbv-dbgsym_2.7.0-1ubuntu0.1_ppc64el.ddeb
 fba7bc02501953619df18f4ed31cfd23595c0b267df9ba9102f06e7176d31718 11723 gerbv_2.7.0-1ubuntu0.1_ppc64el.buildinfo
 2848ad475ab6af28dea627a8538ac6757870de62db9ff13cd5cc6c34d77f01ea 1682704 gerbv_2.7.0-1ubuntu0.1_ppc64el.deb
Files:
 fd4dc685493c74e2ee32c553e1db49d1 509644 debug optional gerbv-dbgsym_2.7.0-1ubuntu0.1_ppc64el.ddeb
 54eb75da576a815f15be18ff5462a306 11723 electronics optional gerbv_2.7.0-1ubuntu0.1_ppc64el.buildinfo
 240ff24aa38c8886eb91ff96b8194d6b 1682704 electronics optional gerbv_2.7.0-1ubuntu0.1_ppc64el.deb
Original-Maintainer: Debian Electronics Team <pkg-electronics-devel@alioth-lists.debian.net>