Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted librecad 2.1.3-1.3+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Fri, 18 Feb 2022 19:17:08 +0000
Signed by: Aron Xu <aron@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 31 Jan 2022 00:32:43 +0800
Source: librecad
Architecture: source
Version: 2.1.3-1.3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 librecad (2.1.3-1.3+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2021-21898: A code execution vulnerability exists in the
     dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
     specially-crafted .dwg file can lead to an out-of-bounds write.
   * CVE-2021-21899: A code execution vulnerability exists in the
     dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
     specially-crafted .dwg file can lead to a heap buffer overflow.
   * CVE-2021-21900: A code execution vulnerability exists in the
     dxfRW::processLType() functionality of LibreCad libdxfrw. A
     specially-crafted .dxf file can lead to a use-after-free
     vulnerability.
   * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib
     component of LibreCAD allows an attacker to achieve Remote Code Execution
     using a crafted JWW document.
   * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib
     component of LibreCAD allows an attacker to achieve Remote Code Execution
     using a crafted JWW document.
   * CVE-2021-45343: a NULL pointer dereference in the HATCH handling of
     libdxfrw allows an attacker to crash the application using a crafted DXF
     document.
Checksums-Sha1:
 22fc3348defa54d15fb5d5bb3d0ba09ac1e49aeb 1937 librecad_2.1.3-1.3+deb11u1.dsc
 eac60a4e7eadf2969d34f289059053cff4068309 22415288 librecad_2.1.3.orig.tar.gz
 8e989894feea5d06b7efcfe2b178c5750459a35d 18604 librecad_2.1.3-1.3+deb11u1.debian.tar.xz
 bbd0568ad7d9c1f0f5d2a7cb9039ea2a730eb775 7008 librecad_2.1.3-1.3+deb11u1_source.buildinfo
Checksums-Sha256:
 d88e0527a45548bb2de5142358eda779540f85ff9787e40e95f78a5cd3f878a6 1937 librecad_2.1.3-1.3+deb11u1.dsc
 74c4ede409b13d0365c65c0cd52dba04f1049530f6df706dc905443d5e60db06 22415288 librecad_2.1.3.orig.tar.gz
 b1c7c8847115fc673e98a23be7e5ea3adfe73d75c0a190ae37180b131c0bd6ee 18604 librecad_2.1.3-1.3+deb11u1.debian.tar.xz
 62cfa3dfdae92458cbb7c96058ca3f0f23329ab83d00438ef17cd9433fb75ac6 7008 librecad_2.1.3-1.3+deb11u1_source.buildinfo
Files:
 26d392216ce0ea7b788eeb3fd384f84b 1937 graphics optional librecad_2.1.3-1.3+deb11u1.dsc
 cef168e90e247c4a20ec81dd9686110e 22415288 graphics optional librecad_2.1.3.orig.tar.gz
 1709fd2099d44fd900f1b83d6e0a0d49 18604 graphics optional librecad_2.1.3-1.3+deb11u1.debian.tar.xz
 748492f31399b431b7d4253d96bec51b 7008 graphics optional librecad_2.1.3-1.3+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmIHYTMACgkQO1LKKgqv
2VRWqAf/dWD1fQWwYkkCU7DMH0nQMLkKN5Kx9gN3qZmm31/SgchXSNZfDtAf+5/s
NOkzkPssArIZUwPDUXTGQbpjhRPnNeBObw4jyAL3aqMemq7rxBLnYnIQcLvMarcH
0zGUNOo2n6MuyYjI6qojCABcmJob6Sq50CDOjTcT8kLpcEZFiU5qPJNZuW4B4BZR
O83+1hePhbC1q0LB7Mzcm3+fAB+ILrsfG+EU6VxiN0UGrJ38AayqK2vI6pabJNeA
SZ1lgaStmeMXH1AVD8utQ5UV6zb+OE2ucNTbFkuuvZ5cX4U9olKULP2/e9hfIz2/
aeiE6MNGcaHBEKeEX6KncRU8OFdIlw==
=4ind
-----END PGP SIGNATURE-----
News for package librecad
