-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5653-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 03, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gtkwave
CVE ID         : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 
                 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 
                 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 
                 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 
                 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 
                 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 
                 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 
                 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 
                 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 
                 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 
                 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 
                 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 
                 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 
                 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 
                 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 
                 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 
                 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 
                 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 
                 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 
                 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 
                 CVE-2023-39443 CVE-2023-39444

Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.

For the oldstable distribution (bullseye), these problems have been fixed
in version 3.3.104+really3.3.118-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 3.3.118-0.1~deb12u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gtkwave

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-5653-1: gtkwave security update

April 3, 2024
Claudio Bozzato discovered multiple security issues in gtkwave, a file waveform viewer for VCD (Value Change Dump) files, which may result in the execution of arbitrary code if mal...

Summary

Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.

For the oldstable distribution (bullseye), these problems have been fixed
in version 3.3.104+really3.3.118-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 3.3.118-0.1~deb12u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gtkwave

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Severity
Package : gtkwave
CVE ID : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703
CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957
CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961
CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969
CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994
CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746
CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915
CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417
CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442
CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446
CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575
CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921
CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618
CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622
CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650
CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657
CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271
CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275
CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414
CVE-2023-39443 CVE-2023-39444

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up