File _patchinfo of Package patchinfo
<patchinfo incident="17376"> <issue tracker="cve" id="2021-21899"/> <issue tracker="cve" id="2021-21898"/> <issue tracker="cve" id="2021-21900"/> <issue tracker="bnc" id="1192938">VUL-0: CVE-2021-21900: libdxfrw: use-after-free in dxfRW:processLType()</issue> <issue tracker="bnc" id="1192936">VUL-0: CVE-2021-21898: libdxfrw: out-of-bounds write in dwgCompressor:decompress18()</issue> <issue tracker="bnc" id="1192937">VUL-0: CVE-2021-21899: libdxfrw: heap out-of-bounds write in dwgCompressor:copyCompBytes21</issue> <packager>jirislaby</packager> <rating>important</rating> <category>security</category> <summary>Security update for libdxfrw, librecad</summary> <description>This update for libdxfrw, librecad fixes the following issues: - Update to version 1.0.1+git.20220109: * fixed ambiguous error for DRW_Dimension::parseDwg() * fixed enless while()-loop for pre 2004 versions * dwgReader::readDwgObjects() stop reading after 1st error * dwgReader::readDwgEntities() stop reading after 1st error * replace ENTRY_PARSE macro with template method * remove unused DRW_Class::parseCode() method * protect vector<>.reserve() calls * Added NULL check for hatch code 93 * Fix bounds check in DRW_LWPolyline * fix, check maxClassNum for valid value * fixed wrong 2010+ check for 64-bit size * Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt * Fixed fall through and other warnings (#54) * fix "Vertex ID" printout - Update to version 1.0.1+git.20211110: * fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938) * minor improvements to dwg2dxf, formatting and message output on success * fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937) * dwg2dxf - enable debug output of libdxfrw by command line switch * fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936) * fixed please note section formatting * updated README.md for LibreCAD_3 branch and sf.net successor * fixed LibreCAD 2 issue #1371, read failed with binary DXF * Use ununordered_map instead of map * manual merge changes from LibreCAD2 * and much more - Update to version 1.0.1+git.20200429: * Fix includes install dir * Export target as libdxfrw::libdxfrw to keep consistency with Conan packages * Add archive destination in install * Install DXFRW::dxfrw target * Remove duplicate target properties * Remove version from pkg-config file * Let CMake handle C++11 compiler definition * Change minimal required CMake version to 3.0 * cmake: add doc target * README.md: fix typo * cmake: generate and install pkgconfig * cmake: add one for dwg2dxf * cmake: set library VERSIONs * cmake: use GNUInstallDirs - Update to version 0.6.3+git.20190501: * Add build status and update example link * Add Travis-CI script * [#10] Fix compilation on GCC * Fix bugs with .dwg import of TEXT and MTEXT entities * This was unnecessary * Link libdxfrw against libstdc++ * Return an error when the file ends prematurely * Add version getter * Fix polyline 2d/3d write * Initialize return buffers in GetRawChar8 et al. - update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements </description> </patchinfo>
