| What | Removed | Added |
|---|---|---|
| CC | stoyan.manolov@suse.com | |
| Flags | needinfo?(stoyan.manolov@suse.com) |
(In reply to Stoyan Manolov from comment #0) > CVE-2021-40241 > > xfig 3.2.7 is vulnerable to Buffer Overflow. > > References: > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40241 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395 > https://www.cve.org/CVERecord?id=CVE-2021-40241 Ah ... but what is about xfig 3.2.8a rpm -qi xfig Name : xfig Version : 3.2.8a Release : bp154.1.24 Architecture: x86_64 Install Date: Thu Jun 2 14:19:34 2022 Group : Productivity/Graphics/Vector Editors Size : 15141373 License : MIT Signature : RSA/SHA256, Mon May 9 11:02:45 2022, Key ID 9c214d4065176565 Source RPM : xfig-3.2.8a-bp154.1.24.src.rpm Build Date : Mon May 9 11:02:15 2022 Build Host : cloud104 Relocations : (not relocatable) Packager : https://bugs.opensuse.org Vendor : openSUSE URL : https://sourceforge.net/projects/mcj/ Summary : Facility for Interactive Generation of Figures under the X Window System Description : Xfig is a menu-driven tool that allows the user to draw and manipulate objects interactively in an X Window System window. The resulting pictures can be saved, printed on PostScript printers, or converted to a variety of other formats (to allow inclusion in LaTeX documents, for example). Distribution: SUSE Linux Enterprise 15 SP4 ... from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992395 I see Fixed in version xfig/1:3.2.8a-1