-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 02 Dec 2021 16:50:52 +0100
Source: librecad
Binary: librecad librecad-data
Architecture: source
Version: 2.1.2-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 librecad - Computer-aided design (CAD) system
 librecad-data - Computer-aided design (CAD) system -- shared files
Changes:
 librecad (2.1.2-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-21898: A code execution vulnerability exists in the
     dwgCompressor::decompress18() functionality of LibreCad libdxfrw.
     A specially-crafted .dwg file can lead to an out-of-bounds write.
   * CVE-2021-21899: A code execution vulnerability exists in the
     dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw.
     A specially-crafted .dwg file can lead to a heap buffer overflow.
   * CVE-2021-21900: A code execution vulnerability exists in the
     dxfRW::processLType() functionality of LibreCad libdxfrw.
     A specially-crafted .dxf file can lead to a use-after-free
     vulnerability.