Your message dated Sun, 30 Jan 2022 20:47:00 +0100
with message-id <[email protected]>
and subject line [email protected]: Accepted librecad 2.1.3-3 (source) into unstable
has caused the Debian Bug report #1004518,
regarding librecad: CVE-2021-45341 CVE-2021-45342 CVE-2021-45343
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004518
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: librecad
Version: 2.1.3-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.1.3-1.3
Control: found -1 2.1.3-1.2

Hi,

The following vulnerabilities were published for librecad.

CVE-2021-45341[0]:
| A buffer overflow vulnerability in CDataMoji of the jwwlib component
| of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote
| Code Execution using a crafted JWW document.


CVE-2021-45342[1]:
| A buffer overflow vulnerability in CDataList of the jwwlib component
| of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote
| Code Execution using a crafted JWW document.


CVE-2021-45343[2]:
| In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of
| libdxfrw allows an attacker to crash the application using a crafted
| DXF document.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-45341
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45341
[1] https://security-tracker.debian.org/tracker/CVE-2021-45342
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45342
[2] https://security-tracker.debian.org/tracker/CVE-2021-45343
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45343

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: librecad
Source-Version: 2.1.3-3

----- Forwarded message from Debian FTP Masters <[email protected]> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Jan 2022 20:47:48 +0800
Source: librecad
Architecture: source
Version: 2.1.3-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers <[email protected]>
Changed-By: Aron Xu <[email protected]>
Changes:
 librecad (2.1.3-3) unstable; urgency=medium
 .
   * Team upload.
   * Add patches for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343
Checksums-Sha1:
 474d20264cdb1df29068d9d3c15165681c5c15da 1897 librecad_2.1.3-3.dsc
 eac60a4e7eadf2969d34f289059053cff4068309 22415288 librecad_2.1.3.orig.tar.gz
 0746fe3530171dadcdc7d8a500fca184bc22e537 18508 librecad_2.1.3-3.debian.tar.xz
 573076256e6c0a0ea49748a13ddd5d57f342433d 6968 librecad_2.1.3-3_source.buildinfo
Checksums-Sha256:
 0436f0ea0486c03e3b77de5947c44b8ef6d39f274716d89d80b90038611fd85a 1897 librecad_2.1.3-3.dsc
 74c4ede409b13d0365c65c0cd52dba04f1049530f6df706dc905443d5e60db06 22415288 librecad_2.1.3.orig.tar.gz
 16026e96a070ba484c3bf4ade1694fbab4095d8a159b06b2791a17edab7880bd 18508 librecad_2.1.3-3.debian.tar.xz
 84654c767db6a55e54b689ca07a66da97e3aae06106f73a9d2a480d994978955 6968 librecad_2.1.3-3_source.buildinfo
Files:
 f755b5038022d791e387110f5ec4bfe0 1897 graphics optional librecad_2.1.3-3.dsc
 cef168e90e247c4a20ec81dd9686110e 22415288 graphics optional librecad_2.1.3.orig.tar.gz
 736a195a092e7e44bee10ec4307e6442 18508 graphics optional librecad_2.1.3-3.debian.tar.xz
 a510691dc3c0dd29ddecaafd80cb3743 6968 graphics optional librecad_2.1.3-3_source.buildinfo


----- End forwarded message -----

--- End Message ---
