Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1399-1 wget security update
Debian GNU/Linux 8 (Jessie), 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1401-1 transfig security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1400-1 fig2dev security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4134-1] fig2dev security update
[DLA 4133-1] wget security update
[SECURITY] [DLA 4134-1] fig2dev security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4134-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 21, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : fig2dev
Version : 1:3.2.8-3+deb11u2
CVE ID : CVE-2025-31162 CVE-2025-31163 CVE-2025-31164
Multiple vulnerabilities have been fixed in the fig2dev utilities for
converting XFig figure files.
CVE-2025-31162
floating point exception with huge pattern lengths
CVE-2025-31163
non-rejection of arcs with co-incident points
CVE-2025-31164
heap buffer overflow on arc-box with zero radius
For Debian 11 bullseye, these problems have been fixed in version
1:3.2.8-3+deb11u2.
We recommend that you upgrade your fig2dev packages.
For the detailed security status of fig2dev please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fig2dev
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4133-1] wget security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4133-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 21, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : wget
Version : 1.21-1+deb11u2
CVE ID : CVE-2024-38428
Debian Bug : 1073523
Mishandling of semicolons in the userinfo subcomponent of a URI has been
fixed in GNU Wget, a utility for retrieving files over HTTP, HTTPS, FTP
and FTPS.
For Debian 11 bullseye, this problem has been fixed in version
1.21-1+deb11u2.
We recommend that you upgrade your wget packages.
For the detailed security status of wget please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wget
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1399-1 wget security update
Package : wget
Version : 1.16-1+deb8u8 (jessie), 1.18-5+deb9u4 (stretch), 1.20.1-1.1+deb10u1 (buster)
Related CVEs :
CVE-2024-38428
Mishandling of semicolons in the userinfo subcomponent of a URI has been fixed in GNU Wget, a utility for retrieving files over HTTP, HTTPS, FTP and FTPS.
ELA-1401-1 transfig security update
Package : transfig
Version : 1:3.2.6a-2~deb8u2 (jessie)
Related CVEs :
CVE-2025-31162
CVE-2025-31163
CVE-2025-31164
Multiple vulnerabilities have been fixed in the transfig utilities for converting XFig figure files.
CVE-2025-31162
floating point exception with huge pattern lengths
CVE-2025-31163
non-rejection of arcs with co-incident points
CVE-2025-31164
heap buffer overflow on arc-box with zero radius
ELA-1400-1 fig2dev security update
Package : fig2dev
Version : 1:3.2.6a-2+deb9u5 (stretch), 1:3.2.7a-5+deb10u6 (buster)
Related CVEs :
CVE-2025-31162
CVE-2025-31163
CVE-2025-31164
Multiple vulnerabilities have been fixed in the fig2dev utilities for converting XFig figure files.
CVE-2025-31162
floating point exception with huge pattern lengths
CVE-2025-31163
non-rejection of arcs with co-incident points
CVE-2025-31164
heap buffer overflow on arc-box with zero radius