[ubuntu/bionic-updates] librecad 2.1.2-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Mar 16 10:28:08 UTC 2023
librecad (2.1.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS due to write access violation in libdxfrw
    - debian/patches/CVE-2018-19105.patch: prevent write access
      violation when a malicious DXF is read in
      libraries/libdxfrw/src/drw_header.cpp and
      libraries/libdxfrw/src/libdxfrw.cpp.
    - CVE-2018-19105
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes18
    - debian/patches/CVE-2021-21898.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress18 in
      src/intern/dwgreader18.cpp, src/intern/dwgreader18.h,
      src/intern/dwgutil.cpp and src/intern/dwgutil.h.
    - CVE-2021-21898
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes21
    - debian/patches/CVE-2021-21899.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress21 in
      src/intern/dwgreader21.cpp, src/intern/dwgutil.cpp and
      src/intern/dwgutil.h.
    - CVE-2021-21899
  * SECURITY UPDATE: heap use-after-free in DRW_TableEntry::parseCode
    - debian/patches/CVE-2021-21900.patch: allow any coordinate order
      when processing a DRW file through DRW_TableEntry::parseCode
      in src/drw_objects.cpp and src/drw_objects.h.
    - CVE-2021-21900
  * SECURITY UPDATE: code execution due to stack overflow in CDataMoji
    - debian/patches/CVE-2021-45341.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45341
  * SECURITY UPDATE: code execution due to stack overflow in CDataList
    - debian/patches/CVE-2021-45342.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45342
  * SECURITY UPDATE: DoS due to NULL pointer dereference in DXF parser
    - debian/patches/CVE-2021-45343.patch: add NULL check when
      handling hatch code 93 in
      libraries/libdxfrw/src/drw_entities.cpp.
    - CVE-2021-45343

Date: 2023-03-16 08:43:09.633101+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/librecad/2.1.2-1ubuntu0.1