CVE-2023-30259 (https://github.com/LibreCAD/LibreCAD/issues/1481): A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.

The fix is in 2.2.0.1, but there's another vulnerability that the 2.2.0.2 release notes say is fixed: https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0.2 "An undetected vulnerability, opening malformed LFF font files caused a crash".

Needs a bump to 2.2.0.2.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d119747e183865a1ec18c1f851a422b489fb421a

commit d119747e183865a1ec18c1f851a422b489fb421a
Author:     Michael Mair-Keimberger <mmk@levelnine.at>
AuthorDate: 2024-06-29 10:32:23 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2024-06-29 23:54:56 +0000

    media-gfx/librecad: add 2.2.0.2

    Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at>
    Bug: https://bugs.gentoo.org/918609
    Closes: https://github.com/gentoo/gentoo/pull/37352
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 media-gfx/librecad/Manifest                |  1 +
 media-gfx/librecad/librecad-2.2.0.2.ebuild | 85 ++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)