http://bugzilla.opensuse.org/show_bug.cgi?id=1204921
http://bugzilla.opensuse.org/show_bug.cgi?id=1204921#c1
Dr. Werner Fink
CVE-2021-40241
xfig 3.2.7 is vulnerable to Buffer Overflow.
References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40241 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395 https://www.cve.org/CVERecord?id=CVE-2021-40241
Ah ... but what is about xfig 3.2.8a rpm -qi xfig Name : xfig Version : 3.2.8a Release : bp154.1.24 Architecture: x86_64 Install Date: Thu Jun 2 14:19:34 2022 Group : Productivity/Graphics/Vector Editors Size : 15141373 License : MIT Signature : RSA/SHA256, Mon May 9 11:02:45 2022, Key ID 9c214d4065176565 Source RPM : xfig-3.2.8a-bp154.1.24.src.rpm Build Date : Mon May 9 11:02:15 2022 Build Host : cloud104 Relocations : (not relocatable) Packager : https://bugs.opensuse.org Vendor : openSUSE URL : https://sourceforge.net/projects/mcj/ Summary : Facility for Interactive Generation of Figures under the X Window System Description : Xfig is a menu-driven tool that allows the user to draw and manipulate objects interactively in an X Window System window. The resulting pictures can be saved, printed on PostScript printers, or converted to a variety of other formats (to allow inclusion in LaTeX documents, for example). Distribution: SUSE Linux Enterprise 15 SP4 ... from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395 I see Fixed in version xfig/1:3.2.8a-1 -- You are receiving this mail because: You are on the CC list for the bug.