--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2647382c5f
2024-01-18 01:45:03.774820
--------------------------------------------------------------------------------
Name : gtkwave
Product : Fedora 39
Version : 3.3.118
Release : 1.fc39
URL : https://gtkwave.sourceforge.net/
Summary : Waveform Viewer
Description :
GTKWave is a waveform viewer that can view VCD files produced by most Verilog
simulation tools, as well as LXT files produced by certain Verilog simulation
tools.
--------------------------------------------------------------------------------
Update Information:
Cumulative bug-fix update. This update includes fixes for multiple security
issues found by Talos in which specially crafted input files could lead to
arbitrary code execution. A victim would need to open a malicious file to
trigger these vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 9 2024 Paul Howarth - 3.3.118-1
- Update to 3.3.118
- Update xml2stems to handle newer "loc" vs. "fl" xml tags
- Change preg_regex_c_1 decl to use regex_t* as datatype
- Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml
- Fixed popen security advisories:
- TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964,
CVE-2023-35959, CVE-2023-35961, CVE-2023-35962)
- Fixed FST security advisories:
- TALOS-2023-1777 (CVE-2023-32650)
- TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702)
- TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958,
CVE-2023-35955)
- TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970)
- TALOS-2023-1790 (CVE-2023-35992)
- TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997,
CVE-2023-35995)
- TALOS-2023-1792 (CVE-2023-35128)
- TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746)
- TALOS-2023-1797 (CVE-2023-36864)
- TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916)
- Fixed evcd2vcd security advisories:
- TALOS-2023-1803 (CVE-2023-34087)
- Fixed VCD security advisories:
- TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420,
CVE-2023-37418, CVE-2023-37417)
- TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445,
CVE-2023-37444, CVE-2023-37442, CVE-2023-37443)
- TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573,
CVE-2023-37578, CVE-2023-37575, CVE-2023-37574)
- TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922)
- Fixed VZT security advisories:
- TALOS-2023-1810 (CVE-2023-37282)
- TALOS-2023-1811 (CVE-2023-36861)
- TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620,
CVE-2023-38619, CVE-2023-38623, CVE-2023-38622)
- TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648)
- TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650)
- TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652)
- TALOS-2023-1816 (CVE-2023-35004)
- TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234)
- Fixed LXT2 security advisories:
- TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274,
CVE-2023-39275, CVE-2023-39272, CVE-2023-39270)
- TALOS-2023-1819 (CVE-2023-34436)
- TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317)
- TALOS-2023-1821 (CVE-2023-35057)
- TALOS-2023-1822 (CVE-2023-35989)
- TALOS-2023-1823 (CVE-2023-38657)
- TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414)
- TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444)
- TALOS-2023-1827 (CVE-2023-38583)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos
https://bugzilla.redhat.com/show_bug.cgi?id=2257435
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2647382c5f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/