| Summary: | <media-gfx/librecad-2.1.3-r7: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | fatzer2, maintainer-needed |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/28164 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 832210, 891881 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2021-11-20 20:45:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae3b58318840afcd6c3dfa9d8b9310c68136527f

commit ae3b58318840afcd6c3dfa9d8b9310c68136527f
Author:     Alexander Golubev <fatzer2@gmail.com>
AuthorDate: 2022-11-07 08:11:20 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-11-28 07:05:29 +0000

    media-gfx/librecad: several improvements

    * bump to EAPI=8
    * fix translation install
    * fix live ebuild installation
    * patch several CVEs

    Bug: https://bugs.gentoo.org/847394
    Bug: https://bugs.gentoo.org/852941
    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Closes: https://bugs.gentoo.org/878925
    Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/28164
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-gfx/librecad/Manifest                 |  1 +
 media-gfx/librecad/librecad-2.1.3-r7.ebuild | 99 +++++++++++++++++++++++++++++
 media-gfx/librecad/librecad-9999.ebuild     | 37 +++++++++--
 3 files changed, 133 insertions(+), 4 deletions(-)

As asked in the neighbour bug, the mentioned CVEs are fixed respectively with the following patches:

librecad-2.1.3-CVE-2021-21898.patch
librecad-2.1.3-CVE-2021-21899.patch
librecad-2.1.3-CVE-2021-21900.patch

The patches from the tarball are available in a dedicated repo[1].

[1]: https://github.com/Fat-Zer/librecad-gentoo-CVE-patches

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d28e84965281e2132f116892a7ea278ba5206c6

commit 4d28e84965281e2132f116892a7ea278ba5206c6
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-25 04:27:09 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-25 04:27:09 +0000

    media-gfx/librecad: drop 2.1.3-r6

    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/librecad/librecad-2.1.3-r6.ebuild | 58 -----------------------------
 1 file changed, 58 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4243e3bd56259f99508a2874b98aa456257f51e8

commit 4243e3bd56259f99508a2874b98aa456257f51e8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-21 19:44:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-21 19:51:35 +0000

    [ GLSA 202305-26 ] LibreCAD: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/825362
    Bug: https://bugs.gentoo.org/832210
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-26.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

GLSA released, all done!