Accepted librecad 2.1.3-1.2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted librecad 2.1.3-1.2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 11 Jul 2022 20:47:57 +0000
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oB0Jx-000I0N-E9@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 30 Jan 2022 22:53:52 +0800
Source: librecad
Architecture: source
Version: 2.1.3-1.2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 librecad (2.1.3-1.2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2021-21898: A code execution vulnerability exists in the
     dwgCompressor::decompress18() functionality of LibreCAD libdxfrw. A
     specially-crafted .dwg file can lead to an out-of-bounds write.
   * CVE-2021-21899: A code execution vulnerability exists in the
     dwgCompressor::copyCompBytes21 functionality of LibreCAD libdxfrw. A
     specially-crafted .dwg file can lead to a heap buffer overflow.
   * CVE-2021-21900: A code execution vulnerability exists in the
     dxfRW::processLType() functionality of LibreCAD libdxfrw. A
     specially-crafted .dxf file can lead to a use-after-free
     vulnerability.
   * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib
     component of LibreCAD allow an attacker to achieve Remote Code Execution
     using a crafted JWW document.
   * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib
     component of LibreCAD allow an attacker to achieve Remote Code Execution
     using a crafted JWW document.
   * CVE-2021-45343: A NULL pointer dereference in the HATCH handling of
     libdxfrw allows an attacker to crash the application using a crafted DXF
     document.
Checksums-Sha1:
5ce7d34da8970676a738322149c049203bdedb9d 2282 librecad_2.1.3-1.2+deb10u1.dsc
eac60a4e7eadf2969d34f289059053cff4068309 22415288 librecad_2.1.3.orig.tar.gz
9d33d617fb066f486c63c904707fdb0caec6b768 18276 librecad_2.1.3-1.2+deb10u1.debian.tar.xz
0ca46c228f249342ed7610db62e67dc48d672ea2 7353 librecad_2.1.3-1.2+deb10u1_source.buildinfo
Checksums-Sha256:
9b1744f40ed019288984ef5e3f6238b260c48f85896c69351ce0658870786b17 2282 librecad_2.1.3-1.2+deb10u1.dsc
74c4ede409b13d0365c65c0cd52dba04f1049530f6df706dc905443d5e60db06 22415288 librecad_2.1.3.orig.tar.gz
09f3a2ebf05448c0a6ff0f7fec1c7c65e8eba1e6b9cf71002aa964ae7c89a79d 18276 librecad_2.1.3-1.2+deb10u1.debian.tar.xz
e2a4de813fe70f32d5297a327f763b488f7cc4d87fd8176e7a32136489f03730 7353 librecad_2.1.3-1.2+deb10u1_source.buildinfo
Files:
c10902967809e5f7a232b41d7b9d6d53 2282 graphics optional librecad_2.1.3-1.2+deb10u1.dsc
cef168e90e247c4a20ec81dd9686110e 22415288 graphics optional librecad_2.1.3.orig.tar.gz
3e610b748d755a9d01642a6dda56ba49 18276 graphics optional librecad_2.1.3-1.2+deb10u1.debian.tar.xz
1d336366d22a921de11a0c2987ea2886 7353 graphics optional librecad_2.1.3-1.2+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----