[Pkg-electronics-devel] Bug#1050560: gerbv: CVE-2023-4508
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 26 10:48:33 BST 2023
Source: gerbv
Version: 2.9.8-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/gerbv/gerbv/issues/191
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for gerbv.
CVE-2023-4508[0]:
| A user able to control file input to Gerbv, between versions 2.4.0
| and 2.10.0, can cause a crash and cause denial-of-service with a
| specially crafted Gerber RS-274X file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-4508
https://www.cve.org/CVERecord?id=CVE-2023-4508
[1] https://github.com/gerbv/gerbv/issues/191
[2] https://github.com/gerbv/gerbv/pull/192
[3] https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-electronics-devel
mailing list