-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5653-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 03, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gtkwave
CVE ID         : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 
                 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 
                 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 
                 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 
                 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 
                 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 
                 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 
                 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 
                 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 
                 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 
                 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 
                 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 
                 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 
                 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 
                 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 
                 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 
                 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 
                 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 
                 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 
                 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 
                 CVE-2023-39443 CVE-2023-39444

Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.

For the oldstable distribution (bullseye), these problems have been fixed
in version 3.3.104+really3.3.118-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 3.3.118-0.1~deb12u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gtkwave

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYNpa8ACgkQEMKTtsN8
TjaBoRAAm9RrMuWHsKODDA8KffviTPutfYnisOLvciRUZqUHbvYQExE0o/G/JMUh
21d80NA0jdkZgkGePfnoLRKy95fGu6hL0jgNBt8A/Irmx+uji00MjD+sFAAH42Zm
DrrKRRmDmUywuOyNVWDm2Zr0LlbjAEvXmdwA6bRO6CueaWGYXYuTn3JQZCUNfsHr
ciLi6qY5LsR7kEH866ue9PqDxb8Zfmnqm+C/OZZQT3yevXwENANkXR731O7tLuYh
LWr4WC9DfXzfyG5MYQkbQ989XhUUCPBOYfZIRCqAuh45lFrorNGY7WE+DtLgdeoM
q9DlRylsTuMW38A+AtON9TnH4o8fXQWoLI+g4MoVddxmJucDrTnBVESnqIMXSxh+
YZ6zCNcpRZWdviYxvLXQsbqiE/29XPpxkkSyFvvQumnSRILhgyjF8p+urUbHN6/S
8dF7TEa2lAZ0aQcKiz4xXFSlbGGjKx236CKuW8RYTpTc+Sp/x+1RxeF8cw00tfKZ
Rl2/1BsAbI4bg/Mvf1XwmH5GM4OQB8O3yQIgaU880rSnCyP+S4F8uAR+09JoOSdc
Ab+sm8qDvQjrh+qJ0meU75mWQI8eiEczhdY+DtB+mtfHd8GIjNDaNM7u7vHTHA9w
QAitcjd/hlMhBtYyP8aZzUpSYMfA6AjySmwDFLU/URgKi687yWM=
=Dwin
-----END PGP SIGNATURE-----