File _patchinfo of Package patchinfo.11811

<patchinfo incident="11811">
  <issue tracker="cve" id="2020-6615"/>
  <issue tracker="cve" id="2020-6612"/>
  <issue tracker="cve" id="2020-6609"/>
  <issue tracker="cve" id="2020-6614"/>
  <issue tracker="cve" id="2020-6611"/>
  <issue tracker="cve" id="2020-6613"/>
  <issue tracker="cve" id="2020-6610"/>
  <issue tracker="bnc" id="1160527">VUL-1: CVE-2020-6615: libredwg: invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c</issue>
  <issue tracker="bnc" id="1160522">VUL-1: CVE-2020-6610: libredwg: excessive memory allocation in read_sections_map in decode_r2007.c</issue>
  <issue tracker="bnc" id="1160524">VUL-1: CVE-2020-6612: libredwg: heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c</issue>
  <issue tracker="bnc" id="1160520">VUL-1: CVE-2020-6609: libredwg: heap-based buffer over-read in read_pages_map in decode_r2007.c</issue>
  <issue tracker="bnc" id="1160525">VUL-1: CVE-2020-6613: libredwg: heap-based buffer over-read in bit_search_sentinel in bits.c.</issue>
  <issue tracker="bnc" id="1160523">VUL-1: CVE-2020-6611: libredwg: NULL pointer dereference in get_next_owned_entity in dwg.c</issue>
  <issue tracker="bnc" id="1160526">VUL-1: CVE-2020-6614: libredwg: heap-based buffer over-read in bfr_read in decode.c</issue>
  <packager>jengelh</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libredwg</summary>
  <description>This update for libredwg fixes the following issues:

libredwg was updated to release 0.10:

API breaking changes:

* Added a new int *isnewp argument to all dynapi utf8text
  getters, indicating whether the returned string is freshly
  malloced or not.
* Removed the UNKNOWN supertype; only UNKNOWN_OBJ and
  UNKNOWN_ENT are left, with common_entity_data.
* Renamed BLOCK_HEADER.preview_data to preview, and
  preview_data_size to preview_size.
* Renamed SHAPE.shape_no to style_id.
* Renamed CLASS.wasazombie to is_zombie.

Bugfixes:

* Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c.
* Fixed encoding of added r2000 AUXHEADER address.
* Fixed EED encoding from dwgrewrite.
* Added several checks against
    [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522],
    [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524],
    [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526],
    [CVE-2020-6615, boo#1160527]</description>
</patchinfo>