CVE-2021-21898 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349):
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21899 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350):
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21900 (https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351):
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.

Can't derive a fixed version from these reports.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae3b58318840afcd6c3dfa9d8b9310c68136527f

commit ae3b58318840afcd6c3dfa9d8b9310c68136527f
Author:     Alexander Golubev <fatzer2@gmail.com>
AuthorDate: 2022-11-07 08:11:20 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-11-28 07:05:29 +0000

    media-gfx/librecad: several improvements

    * bump to EAPI=8
    * fix translation install
    * fix live ebuild installation
    * patch several CVEs

    Bug: https://bugs.gentoo.org/847394
    Bug: https://bugs.gentoo.org/852941
    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Closes: https://bugs.gentoo.org/878925
    Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/28164
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-gfx/librecad/Manifest                 |  1 +
 media-gfx/librecad/librecad-2.1.3-r7.ebuild | 99 +++++++++++++++++++++++++++++
 media-gfx/librecad/librecad-9999.ebuild     | 37 +++++++++--
 3 files changed, 133 insertions(+), 4 deletions(-)
As asked in the neighbour bug, the mentioned CVEs are fixed respectively with the following patches:

librecad-2.1.3-CVE-2021-21898.patch
librecad-2.1.3-CVE-2021-21899.patch
librecad-2.1.3-CVE-2021-21900.patch

The patches from the tarball are available in a dedicated repo[1].

[1]: https://github.com/Fat-Zer/librecad-gentoo-CVE-patches
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d28e84965281e2132f116892a7ea278ba5206c6

commit 4d28e84965281e2132f116892a7ea278ba5206c6
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-25 04:27:09 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 04:27:09 +0000

    media-gfx/librecad: drop 2.1.3-r6

    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/librecad/librecad-2.1.3-r6.ebuild | 58 -----------------------------
 1 file changed, 58 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=4243e3bd56259f99508a2874b98aa456257f51e8

commit 4243e3bd56259f99508a2874b98aa456257f51e8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-21 19:44:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-21 19:51:35 +0000

    [ GLSA 202305-26 ] LibreCAD: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-26.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
GLSA released, all done!