
The following updates are available for Debian GNU/Linux 10 LTS:

[DLA 3783-1] expat security update
[DLA 3785-1] gtkwave security update




[DLA 3783-1] expat security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3783-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
April 07, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : expat
Version : 2.2.6-2+deb10u7
CVE ID : CVE-2023-52425
Debian Bug : 1063238

Expat, an XML parsing C library, has been found to have a vulnerability
that allows an attacker to cause a denial of service (resource
consumption) when many full reparsings are required in the case of
large tokens.

When parsing a really big token that requires multiple buffer fills to
complete, expat has to re-parse the token from start multiple times,
which takes time. These patches introduce a heuristic that, when having
failed on the same token multiple times, defers further parsing until
there's significantly more data available.

The patch also introduces an optional API,
XML_SetReparseDeferralEnabled(), to disable the new heuristic.
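
To make the cost of the repeated reparsing described above concrete, here is a toy model added to this digest (a constructed illustration, not expat's code): it rescans a buffered token from its start on every chunk, as expat did, and compares the work with and without a deferral heuristic. The doubling threshold and the token_in_chunks helper are assumptions for the illustration, not expat's actual threshold.

```python
"""Toy model of the reparse cost behind CVE-2023-52425 (constructed
illustration, not expat's code).  A token here runs up to the next '>'.
Like expat, the scanner rescans the buffered token from its start each
time a chunk arrives while the token is incomplete; the deferral
heuristic (modelled as "retry only once the buffer has doubled", an
assumed threshold) bounds that repeated work."""


def scan_token(chunks, deferral=False):
    """Feed chunks one at a time, the last marked final, the way an
    application calls XML_Parse() in a loop.
    Returns (bytes_scanned, scan_attempts, completed)."""
    buf = b""
    scanned = 0
    attempts = 0
    bytes_at_last_try = 0
    for i, chunk in enumerate(chunks):
        buf += chunk
        final = i == len(chunks) - 1
        # Deferral: after a failed attempt, do not rescan until the buffer
        # has grown significantly (here: doubled), unless the caller says
        # this is the final buffer and nothing more is coming.
        if (deferral and not final and bytes_at_last_try
                and len(buf) < 2 * bytes_at_last_try):
            continue
        attempts += 1
        bytes_at_last_try = len(buf)
        end = buf.find(b">")
        if end < 0:
            scanned += len(buf)  # whole partial token rescanned for nothing
        else:
            scanned += end + 1
            return scanned, attempts, True
    return scanned, attempts, False


def token_in_chunks(size, chunk_size):
    """Constructed input: one start tag of `size` bytes, e.g. <aaa...a>,
    split into chunks of `chunk_size` bytes."""
    token = b"<" + b"a" * (size - 2) + b">"
    return [token[i:i + chunk_size] for i in range(0, size, chunk_size)]


if __name__ == "__main__":
    for n in (1_000, 10_000, 100_000):
        chunks = token_in_chunks(n, 1)
        plain = scan_token(chunks)
        deferred = scan_token(chunks, deferral=True)
        print(f"{n:>7}-byte token: {plain[0]:>12} bytes scanned without "
              f"deferral, {deferred[0]:>8} with ({deferred[1]} attempts)")
```

Without deferral the scanned byte count grows as n(n+1)/2 with the token length, which is the resource-consumption issue; with the doubling rule it stays within about 2n, and the final-buffer flag keeps a deferred token from being stranded when input ends.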

For Debian 10 buster, this problem has been fixed in version
2.2.6-2+deb10u7.

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DLA 3785-1] gtkwave security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3785-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 09, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gtkwave
Version : 3.3.98+really3.3.118-0+deb10u1
CVE ID : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703
CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957
CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961
CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969
CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994
CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746
CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915
CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417
CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442
CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446
CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575
CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921
CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618
CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622
CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650
CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657
CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271
CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275
CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414
CVE-2023-39443 CVE-2023-39444
Debian Bug : 1060407

Multiple security issues have been fixed in the waveform viewer GTKWave
by upgrading to a more recent upstream version.

For Debian 10 buster, these problems have been fixed in version
3.3.98+really3.3.118-0+deb10u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gtkwave

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS