--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c990070fa4
2024-01-18 01:24:42.646479
--------------------------------------------------------------------------------
Name : gtkwave
Product : Fedora 38
Version : 3.3.118
Release : 1.fc38
URL :
http://gtkwave.sourceforge.net/
Summary : Waveform Viewer
Description :
GTKWave is a waveform viewer that can view VCD files produced by most Verilog
simulation tools, as well as LXT files produced by certain Verilog simulation
tools.
--------------------------------------------------------------------------------
Update Information:
Cumulative bug-fix update. This update includes fixes for multiple security
issues found by Talos in which specially crafted input files could lead to
arbitrary code execution. A victim would need to open a malicious file to
trigger these vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 9 2024 Paul Howarth <paul(a)city-fan.org> - 3.3.118-1
- Update to 3.3.118
- Update xml2stems to handle newer "loc" vs. "fl" xml tags
- Change preg_regex_c_1 decl to use regex_t* as datatype
- Move gtkwave.appdata.xml to io.github.gtkwave.GTKWave.metainfo.xml
- Fixed popen security advisories:
- TALOS-2023-1786 (CVE-2023-35963, CVE-2023-35960, CVE-2023-35964,
CVE-2023-35959, CVE-2023-35961, CVE-2023-35962)
- Fixed FST security advisories:
- TALOS-2023-1777 (CVE-2023-32650)
- TALOS-2023-1783 (CVE-2023-35704, CVE-2023-35703, CVE-2023-35702)
- TALOS-2023-1785 (CVE-2023-35956, CVE-2023-35957, CVE-2023-35958,
CVE-2023-35955)
- TALOS-2023-1789 (CVE-2023-35969, CVE-2023-35970)
- TALOS-2023-1790 (CVE-2023-35992)
- TALOS-2023-1791 (CVE-2023-35994, CVE-2023-35996, CVE-2023-35997,
CVE-2023-35995)
- TALOS-2023-1792 (CVE-2023-35128)
- TALOS-2023-1793 (CVE-2023-36747, CVE-2023-36746)
- TALOS-2023-1797 (CVE-2023-36864)
- TALOS-2023-1798 (CVE-2023-36915, CVE-2023-36916)
- Fixed evcd2vcd security advisories:
- TALOS-2023-1803 (CVE-2023-34087)
- Fixed VCD security advisories:
- TALOS-2023-1804 (CVE-2023-37416, CVE-2023-37419, CVE-2023-37420,
CVE-2023-37418, CVE-2023-37417)
- TALOS-2023-1805 (CVE-2023-37447, CVE-2023-37446, CVE-2023-37445,
CVE-2023-37444, CVE-2023-37442, CVE-2023-37443)
- TALOS-2023-1806 (CVE-2023-37576, CVE-2023-37577, CVE-2023-37573,
CVE-2023-37578, CVE-2023-37575, CVE-2023-37574)
- TALOS-2023-1807 (CVE-2023-37921, CVE-2023-37923, CVE-2023-37922)
- Fixed VZT security advisories:
- TALOS-2023-1810 (CVE-2023-37282)
- TALOS-2023-1811 (CVE-2023-36861)
- TALOS-2023-1812 (CVE-2023-38618, CVE-2023-38621, CVE-2023-38620,
CVE-2023-38619, CVE-2023-38623, CVE-2023-38622)
- TALOS-2023-1813 (CVE-2023-38649, CVE-2023-38648)
- TALOS-2023-1814 (CVE-2023-38651, CVE-2023-38650)
- TALOS-2023-1815 (CVE-2023-38653, CVE-2023-38652)
- TALOS-2023-1816 (CVE-2023-35004)
- TALOS-2023-1817 (CVE-2023-39235, CVE-2023-39234)
- Fixed LXT2 security advisories:
- TALOS-2023-1818 (CVE-2023-39273, CVE-2023-39271, CVE-2023-39274,
CVE-2023-39275, CVE-2023-39272, CVE-2023-39270)
- TALOS-2023-1819 (CVE-2023-34436)
- TALOS-2023-1820 (CVE-2023-39316, CVE-2023-39317)
- TALOS-2023-1821 (CVE-2023-35057)
- TALOS-2023-1822 (CVE-2023-35989)
- TALOS-2023-1823 (CVE-2023-38657)
- TALOS-2023-1824 (CVE-2023-39413, CVE-2023-39414)
- TALOS-2023-1826 (CVE-2023-39443, CVE-2023-39444)
- TALOS-2023-1827 (CVE-2023-38583)
* Mon Aug 14 2023 Paul Howarth <paul(a)city-fan.org> - 3.3.117-1
- Update to 3.3.117
- Fix stems reader processing code broken in 3.3.114
* Sun Jul 23 2023 Paul Howarth <paul(a)city-fan.org> - 3.3.116-1
- Update to 3.3.116
- Fix manpage/odt for vcd2fst command switch documentation for zlibpack
- Add GDK_WINDOWING_WAYLAND check for gdkwayland.h header usage
- Change sprintf to snprintf in fstapi.c
- Fix init crash on show_base_symbols enabled
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.115-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2257435 - gtkwave: Multiple CVEs published by Talos
https://bugzilla.redhat.com/show_bug.cgi?id=2257435
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c990070fa4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------