-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Jan 2022 22:53:52 +0800
Source: librecad
Architecture: source
Version: 2.1.3-1.2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 librecad (2.1.3-1.2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2021-21898: A code execution vulnerability exists in the
     dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
     specially-crafted .dwg file can lead to an out-of-bounds write.
   * CVE-2021-21899: A code execution vulnerability exists in the
     dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
     specially-crafted .dwg file can lead to a heap buffer overflow.
   * CVE-2021-21900: A code execution vulnerability exists in the
     dxfRW::processLType() functionality of LibreCad libdxfrw. A
     specially-crafted .dxf file can lead to a use-after-free vulnerability.
   * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the
     jwwlib component of LibreCAD allows an attacker to achieve Remote Code
     Execution using a crafted JWW document.
   * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the
     jwwlib component of LibreCAD allows an attacker to achieve Remote Code
     Execution using a crafted JWW document.
   * CVE-2021-45343: a NULL pointer dereference in the HATCH handling of
     libdxfrw allows an attacker to crash the application using a crafted
     DXF document.