[ubuntu/questing-proposed] gnuplot 6.0.2+dfsg1-2ubuntu1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Thu Sep 25 12:50:49 UTC 2025
gnuplot (6.0.2+dfsg1-2ubuntu1) questing; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2025-3359.patch: Refactor font name parsing to
prevent off by one error
- debian/patches/CVE-2025-31176.patch: Add extra guard to prevent
invalid read from plot->labels
- debian/patches/CVE-2025-31178.patch: Use snprintf to protect
against garbage user-supplied mouse format
- debian/patches/CVE-2025-31179.patch: Add guard against trying to
format a huge number as a time
- debian/patches/CVE-2025-31180.patch: Handle nonlinear x2 or y2 axis
with an incomplete definition
- debian/patches/CVE-2025-31181.patch: Protect against double fclose()
if two errors occur in a row
- CVE-2025-3359
- CVE-2025-31176
- CVE-2025-31178
- CVE-2025-31179
- CVE-2025-31180
- CVE-2025-31181
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2025-31177.patch: Add extra guard against y
bound of dumb terminal charcell array
- CVE-2025-31177
Date: Tue, 02 Sep 2025 19:27:10 +1000
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnuplot/6.0.2+dfsg1-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 02 Sep 2025 19:27:10 +1000
Source: gnuplot
Built-For-Profiles: noudeb
Architecture: source
Version: 6.0.2+dfsg1-2ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
gnuplot (6.0.2+dfsg1-2ubuntu1) questing; urgency=medium
.
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2025-3359.patch: Refactor font name parsing to
prevent off by one error
- debian/patches/CVE-2025-31176.patch: Add extra guard to prevent
invalid read from plot->labels
- debian/patches/CVE-2025-31178.patch: Use snprintf to protect
against garbage user-supplied mouse format
- debian/patches/CVE-2025-31179.patch: Add guard against trying to
format a huge number as a time
- debian/patches/CVE-2025-31180.patch: Handle nonlinear x2 or y2 axis
with an incomplete definition
- debian/patches/CVE-2025-31181.patch: Protect against double fclose()
if two errors occur in a row
- CVE-2025-3359
- CVE-2025-31176
- CVE-2025-31178
- CVE-2025-31179
- CVE-2025-31180
- CVE-2025-31181
* SECURITY UPDATE: Heap Buffer Overflow
- debian/patches/CVE-2025-31177.patch: Add extra guard against y
bound of dumb terminal charcell array
- CVE-2025-31177
Checksums-Sha1:
996fcf14fc1225b61f058660ac08cd0c182cd89a 3166 gnuplot_6.0.2+dfsg1-2ubuntu1.dsc
1cf4209c4d7a035fa144befa40091af5d00c476b 36676 gnuplot_6.0.2+dfsg1-2ubuntu1.debian.tar.xz
9634a62399750ca7530ede315318879ca7cdf21e 18201 gnuplot_6.0.2+dfsg1-2ubuntu1_source.buildinfo
Checksums-Sha256:
29ccb53403702abcb5f4d6480f71312b11e3d52f7f174aa253c9e30db75ca3ec 3166 gnuplot_6.0.2+dfsg1-2ubuntu1.dsc
17a6e3e7c01467538c70cfb27a31194d402aca792ae5f45b5b9b1440624bb8a6 36676 gnuplot_6.0.2+dfsg1-2ubuntu1.debian.tar.xz
5d0b3f651616956eb6c34ebbe2f9f27e3ee4a8675b3816e77c627d6ce5e71e2c 18201 gnuplot_6.0.2+dfsg1-2ubuntu1_source.buildinfo
Files:
845c6ef6d107b0dbb438793b334c84a4 3166 math optional gnuplot_6.0.2+dfsg1-2ubuntu1.dsc
480af42b957c740e36889bf697494c3a 36676 math optional gnuplot_6.0.2+dfsg1-2ubuntu1.debian.tar.xz
c9360e874d113bd30763145296c68db8 18201 math optional gnuplot_6.0.2+dfsg1-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Science Team <debian-science-maintainers at lists.alioth.debian.org>
More information about the Questing-changes
mailing list