Bug 29608 - transfig new security issues fixed upstream in 3.2.8b
Summary: transfig new security issues fixed upstream in 3.2.8b
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2021-10-30 20:04 CEST by David Walser
Modified: 2021-11-18 22:52 CET

See Also:
Source RPM: transfig-3.2.8a-1.mga9.src.rpm
Status comment:


Description David Walser 2021-10-30 20:04:13 CEST
transfig 3.2.8b has been released in August 2021:

It fixes buffer overflows, segfaults, and other bugs.

Mageia 8 is also affected.
David Walser 2021-10-30 20:04:26 CEST

Whiteboard: (none) => MGA8TOO
CC: (none) => mageia

Comment 1 Lewis Smith 2021-10-30 21:21:02 CEST
No particular packager visible for this SRPM, so having to assign this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Lécureuil 2021-11-07 00:10:23 CET
fixed in mga8/9

    - transfig-3.2.8b-1.mga8

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs

Comment 3 Herman Viaene 2021-11-12 16:10:10 CET
MGA8-64 Plasma on Lenovo B50
No installation issues
Ref bug 29126 for testing (deleting first the result files from the previous version).
$ fig2dev -L png testtransfig.fig testtransfig.png
$ file testtransfig.png
testtransfig.png: PNG image data, 781 x 626, 1-bit colormap, non-interlaced
$ fig2dev -L eps testtransfig.fig testtransfig.ps
$ fig2dev -L pdf testtransfig.fig testtransfig.pdf
$ fig2dev -L gif testtransfig.fig testtransfig.gif
$ fig2dev -L latex testtransfig.fig testtransfig.tex
Not a LaTeX slope (3300, -600), deviation 56.8 pixels
Not a LaTeX slope (-525, -3375), deviation 42.6 pixels
Not a LaTeX slope (-6825, 525), deviation 525.0 pixels
Not a LaTeX slope (-750, 1050), deviation 42.0 pixels
Not a LaTeX slope (-1260, -832), deviation 9.2 pixels
Not a LaTeX slope (1260, 832), deviation 9.2 pixels
$ cat testtransfig.tex 
{\color[rgb]{0,0,0}\put(1726,-4186){\line( 6, 1){7200}}
\put(8926,-2986){\line( 6,-1){3308.108}}
\put(12226,-3586){\line( 1,-4){525}}
\put(12226,-9061){\line(-1, 0){6825}}
\put(5401,-8536){\line(-3, 4){774}}
{\color[rgb]{0,0,0}\put(8326,-2086){\line( 0, 1){1507}}
\put(8236,-579){\line(-2, 1){1350}}
\put(6886, 96){\line(-3,-2){1256.308}}
\put(5626,-736){\line( 0,-1){1507}}
\put(5716,-2243){\line( 2,-1){1350}}
\put(7066,-2918){\line( 3, 2){1256.308}}

The picture files all display OK either in gwenview or in okular. 
So OK for me

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2021-11-13 16:39:04 CET
I'm glad you grabbed this one, Herman. I thought about trying to stumble my way through it, but far better to have experienced eyes looking at it.


Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-11-18 19:15:54 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2021-11-18 22:52:28 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED
