openSUSE-SU-2022:0067-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0067-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:0067-1
- Related
- Published
- 2022-03-02T21:21:30Z
- Modified
- 2025-05-08T17:47:25.931971Z
- Upstream
- Summary
- Security update for libdxfrw, librecad
- Details
-
This update for libdxfrw, librecad fixes the following issues:
Update to version 1.0.1+git.20220109:
- fixed ambiguous error for DRW_Dimension::parseDwg()
- fixed enless while()-loop for pre 2004 versions
- dwgReader::readDwgObjects() stop reading after 1st error
- dwgReader::readDwgEntities() stop reading after 1st error
- replace ENTRY_PARSE macro with template method
- remove unused DRW_Class::parseCode() method
- protect vector<>.reserve() calls
- Added NULL check for hatch code 93
- Fix bounds check in DRW_LWPolyline
- fix, check maxClassNum for valid value
- fixed wrong 2010+ check for 64-bit size
- Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt
- Fixed fall through and other warnings (#54)
- fix 'Vertex ID' printout
Update to version 1.0.1+git.20211110:
- fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938)
- minor improvements to dwg2dxf, formatting and message output on success
- fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937)
- dwg2dxf - enable debug output of libdxfrw by command line switch
- fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936)
- fixed please note section formatting
- updated README.md for LibreCAD_3 branch and sf.net successor
- fixed LibreCAD 2 issue #1371, read failed with binary DXF
- Use ununordered_map instead of map
- manual merge changes from LibreCAD2
- and much more
Update to version 1.0.1+git.20200429:
- Fix includes install dir
- Export target as libdxfrw::libdxfrw to keep consistency with Conan packages
- Add archive destination in install
- Install DXFRW::dxfrw target
- Remove duplicate target properties
- Remove version from pkg-config file
- Let CMake handle C++11 compiler definition
- Change minimal required CMake version to 3.0
- cmake: add doc target
- README.md: fix typo
- cmake: generate and install pkgconfig
- cmake: add one for dwg2dxf
- cmake: set library VERSIONs
- cmake: use GNUInstallDirs
Update to version 0.6.3+git.20190501:
- Add build status and update example link
- Add Travis-CI script
- [#10] Fix compilation on GCC
- Fix bugs with .dwg import of TEXT and MTEXT entities
- This was unnecessary
- Link libdxfrw against libstdc++
- Return an error when the file ends prematurely
- Add version getter
- Fix polyline 2d/3d write
- Initialize return buffers in GetRawChar8 et al.
update to 2.2.0-rc3
- major release
- DWG imports are more reliable now
- and a lot more of bugfixes and improvements
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/
- https://bugzilla.suse.com/1192936
- https://bugzilla.suse.com/1192937
- https://bugzilla.suse.com/1192938
- https://www.suse.com/security/cve/CVE-2021-21898
- https://www.suse.com/security/cve/CVE-2021-21899
- https://www.suse.com/security/cve/CVE-2021-21900
Affected packages
SUSE:Package Hub 15 SP3 / libdxfrw
Package
- Name
- libdxfrw
- Purl
- pkg:rpm/suse/libdxfrw&distro=SUSE%20Package%20Hub%2015%20SP3
SUSE:Package Hub 15 SP3 / librecad
Package
- Name
- librecad
- Purl
- pkg:rpm/suse/librecad&distro=SUSE%20Package%20Hub%2015%20SP3
openSUSE:Leap 15.3 / libdxfrw
Package
- Name
- libdxfrw
- Purl
- pkg:rpm/opensuse/libdxfrw&distro=openSUSE%20Leap%2015.3