-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-c990070fa4 2024-01-18 01:24:42.646479 -------------------------------------------------------------------------------- Name : gtkwave Product : Fedora 38 Version : 3.3.118 Release : 1.fc38 URL : http://gtkwave.sourceforge.net/ Summary : Waveform Viewer Description : GTKWave is a waveform viewer that can view VCD files produced by most Verilog simulation tools, as well as LXT files produced by certain Verilog simulation tools. -------------------------------------------------------------------------------- Update Information: Cumulative bug-fix update. This update includes fixes for multiple security issues found by Talos in which specially crafted input files could lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 9 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 3.3.118-1 - Update to 3.3.118 - Update xml2stems to handle newer "loc" vs. "fl" xml tags - Change preg_regex_c_1 decl to use regex_t* as datatype - Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml - Fixed popen security advisories: - TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964, CVE-2023-35959, CVE-2023-35961, CVE-2023-35962) - Fixed FST security advisories: - TALOS-2023-1777 (CVE-2023-32650) - TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702) - TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958, CVE-2023-35955) - TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970) - TALOS-2023-1790 (CVE-2023-35992) - TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997, CVE-2023-35995) - TALOS-2023-1792 (CVE-2023-35128) - TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746) - TALOS-2023-1797 (CVE-2023-36864) - TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916) - Fixed evcd2vcd security advisories: - TALOS-2023-1803 (CVE-2023-34087) - Fixed VCD security advisories: - TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420, CVE-2023-37418, CVE-2023-37417) - TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445, CVE-2023-37444, CVE-2023-37442, CVE-2023-37443) - TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573, CVE-2023-37578, CVE-2023-37575, CVE-2023-37574) - TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922) - Fixed VZT security advisories: - TALOS-2023-1810 (CVE-2023-37282) - TALOS-2023-1811 (CVE-2023-36861) - TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620, CVE-2023-38619, CVE-2023-38623, CVE-2023-38622) - TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648) - TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650) - TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652) - TALOS-2023-1816 (CVE-2023-35004) - TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234) - Fixed LXT2 security advisories: - TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274, CVE-2023-39275, CVE-2023-39272, CVE-2023-39270) - TALOS-2023-1819 (CVE-2023-34436) - TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317) - TALOS-2023-1821 (CVE-2023-35057) - TALOS-2023-1822 (CVE-2023-35989) - TALOS-2023-1823 (CVE-2023-38657) - TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414) - TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444) - TALOS-2023-1827 (CVE-2023-38583) * Mon Aug 14 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 3.3.117-1 - Update to 3.3.117 - Fix stems reader processing code broken in 3.3.114 * Sun Jul 23 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 3.3.116-1 - Update to 3.3.116 - Fix manpage/odt for vcd2fst command switch documentation for zlibpack - Add GDK_WINDOWING_WAYLAND check for gdkwayland.h header usage - Change sprintf to snprintf in fstapi.c - Fix init crash on show_base_symbols enabled * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.115-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos https://bugzilla.redhat.com/show_bug.cgi?id=2257435 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c990070fa4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue