Format: 1.8
Date: Wed, 05 Jul 2023 17:10:48 +0300
Source: gerbv
Binary: gerbv
Architecture: s390x
Version: 2.7.0-1ubuntu0.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: George-Andrei Iosif
Description:
 gerbv - Gerber file viewer (only RS 274 X format)
Changes:
 gerbv (2.7.0-1ubuntu0.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds write when processing T code
     - debian/patches/CVE-2021-40391.patch: Returns -1 when encountering an invalid tool number in src/drill.c.
     - CVE-2021-40391
   * SECURITY UPDATE: arbitrary write when parsing RS-274X opcodes
     - debian/patches/CVE-2021-40393.patch: Adds verifications for addresses used when pushing and popping from memory in src/gerber.c.
     - CVE-2021-40393
   * SECURITY UPDATE: integer overflow when processing RS-274X files
     - debian/patches/CVE-2021-40394.patch: Checks if the input parameters can produce an integer overflow in src/gerber.c.
     - CVE-2021-40394
   * SECURITY UPDATE: out-of-bounds read when processing RS-274X files
     - debian/patches/CVE-2021-40400.patch: Limits the read location to the intentionally readable memory in src/gerber.c.
     - CVE-2021-40400
   * SECURITY UPDATE: use after free when processing RS-274X definitions
     - debian/patches/CVE-2021-40401.patch: Checks a function parsing strings to not return NULL in src/gerber.c.
     - CVE-2021-40401
   * SECURITY UPDATE: out-of-bounds read when parsing pick-and-place files
     - debian/patches/CVE-2021-40403.patch: Checks the return code of a sscanf call in src/pick-and-place.c.
     - CVE-2021-40403
Checksums-Sha1:
 720fcd4fbf6b9a8a88b078f05773b0076b8cf8e7 423316 gerbv-dbgsym_2.7.0-1ubuntu0.1_s390x.ddeb
 8fb9f3954f6dd8b95ba0591e313bb094d079ff5d 11586 gerbv_2.7.0-1ubuntu0.1_s390x.buildinfo
 c470940641e159aaa7472cea3f29aa06728928c7 1628576 gerbv_2.7.0-1ubuntu0.1_s390x.deb
Checksums-Sha256:
 8227db6a1e4fdb58b1b3e4c8c372ba17f675744ba3d8d9302e8c55221cf80d6e 423316 gerbv-dbgsym_2.7.0-1ubuntu0.1_s390x.ddeb
 c9d3c3ff5cc23987ac44911980118be715b7167187ed358a173160880374377b 11586 gerbv_2.7.0-1ubuntu0.1_s390x.buildinfo
 d5faaaec65289b4c78cab3379cee21ea06feb52bacd0214bbe6c79a4543b34f0 1628576 gerbv_2.7.0-1ubuntu0.1_s390x.deb
Files:
 f55b208ee55848c0f23e7ecbfd6b6a6e 423316 debug optional gerbv-dbgsym_2.7.0-1ubuntu0.1_s390x.ddeb
 fe03e4214610f5f2eab9788ed6126a37 11586 electronics optional gerbv_2.7.0-1ubuntu0.1_s390x.buildinfo
 56bc6d72a1b40233b1a00ff2024c1c70 1628576 electronics optional gerbv_2.7.0-1ubuntu0.1_s390x.deb
Original-Maintainer: Debian Electronics Team