[ubuntu/bionic-updates] librecad 2.1.2-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Mar 16 10:28:08 UTC 2023


librecad (2.1.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS due to write access violation in libdxfrw
    - debian/patches/CVE-2018-19105.patch: prevent write access
      violation when a malicious DXF is read in
      libraries/libdxfrw/src/drw_header.cpp and
      libraries/libdxfrw/src/libdxfrw.cpp.
    - CVE-2018-19105
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes18
    - debian/patches/CVE-2021-21898.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress18 in
      src/intern/dwgreader18.cpp, src/intern/dwgreader18.h,
      src/intern/dwgutil.cpp and src/intern/dwgutil.h.
    - CVE-2021-21898
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes21
    - debian/patches/CVE-2021-21899.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress21 in
      src/intern/dwgreader21.cpp, src/intern/dwgutil.cpp and
      src/intern/dwgutil.h.
    - CVE-2021-21899
  * SECURITY UPDATE: heap use-after-free in DRW_TableEntry::parseCode
    - debian/patches/CVE-2021-21900.patch: allow any coordinate order
      when processing a DRW file through DRW_TableEntry::parseCode
      in src/drw_objects.cpp and src/drw_objects.h.
    - CVE-2021-21900
  * SECURITY UPDATE: code execution due to stack overflow in CDataMoji
    - debian/patches/CVE-2021-45341.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45341
  * SECURITY UPDATE: code execution due to stack overflow in CDataList
    - debian/patches/CVE-2021-45342.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45342
  * SECURITY UPDATE: DoS due to NULL pointer dereference in DXF parser
    - debian/patches/CVE-2021-45343.patch: add NULL check when
      handling hatch code 93 in
      libraries/libdxfrw/src/drw_entities.cpp.
    - CVE-2021-45343

Date: 2023-03-16 08:43:09.633101+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/librecad/2.1.2-1ubuntu0.1