--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package librecad/2.1.2-1+b1
- From: Markus Koschany <apo@debian.org>
- Date: Sun, 19 May 2019 23:30:10 +0200
- Message-id: <155830141025.2922.14584464246936771627.reportbug@spike>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
I would like to fix CVE-2018-19105 in Stretch too. I have prepared an
update, please find attached the debdiff.
Regards,
Markus
-- System Information:
Debian Release: 10.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
diff -Nru librecad-2.1.2/debian/changelog librecad-2.1.2/debian/changelog
--- librecad-2.1.2/debian/changelog 2016-09-17 15:53:14.000000000 +0200
+++ librecad-2.1.2/debian/changelog 2019-05-19 23:17:22.000000000 +0200
@@ -1,3 +1,13 @@
+librecad (2.1.2-1+deb9u1) stretch; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-19105:
+ A vulnerability was found in LibreCAD, a computer-aided design system,
+ which could be exploited to crash the application or cause other
+ unspecified impact when opening a specially crafted file. (Closes: #928477)
+
+ -- Markus Koschany <apo@debian.org> Sun, 19 May 2019 23:17:22 +0200
+
librecad (2.1.2-1) unstable; urgency=medium
* New upstream release
diff -Nru librecad-2.1.2/debian/patches/CVE-2018-19105.patch librecad-2.1.2/debian/patches/CVE-2018-19105.patch
--- librecad-2.1.2/debian/patches/CVE-2018-19105.patch 1970-01-01 01:00:00.000000000 +0100
+++ librecad-2.1.2/debian/patches/CVE-2018-19105.patch 2019-05-19 23:17:22.000000000 +0200
@@ -0,0 +1,92 @@
+From: Markus Koschany <apo@debian.org>
+Date: Thu, 16 May 2019 13:08:48 +0200
+Subject: CVE-2018-19105
+
+Bug-Upstream: https://github.com/LibreCAD/LibreCAD/issues/1038
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928477
+Origin: https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
+Origin: https://github.com/LibreCAD/LibreCAD/commit/8604f171ee380f294102da6154adf77ab754d403
+---
+ libraries/libdxfrw/src/drw_header.cpp | 8 ++++++++
+ libraries/libdxfrw/src/libdxfrw.cpp | 29 +++++++++++++++++++++++------
+ 2 files changed, 31 insertions(+), 6 deletions(-)
+
+diff --git a/libraries/libdxfrw/src/drw_header.cpp b/libraries/libdxfrw/src/drw_header.cpp
+index 1e0530d..6465669 100644
+--- a/libraries/libdxfrw/src/drw_header.cpp
++++ b/libraries/libdxfrw/src/drw_header.cpp
+@@ -20,6 +20,7 @@ DRW_Header::DRW_Header() {
+ linetypeCtrl = layerCtrl = styleCtrl = dimstyleCtrl = appidCtrl = 0;
+ blockCtrl = viewCtrl = ucsCtrl = vportCtrl = vpEntHeaderCtrl = 0;
+ version = DRW::AC1021;
++ curr = NULL;
+ }
+
+ void DRW_Header::addComment(std::string c){
+@@ -29,6 +30,13 @@ void DRW_Header::addComment(std::string c){
+ }
+
+ void DRW_Header::parseCode(int code, dxfReader *reader){
++ if (NULL == curr && 9 != code) {
++ DRW_DBG("invalid header code: ");
++ DRW_DBG(code);
++ DRW_DBG("\n");
++ return;
++ }
++
+ switch (code) {
+ case 9:
+ curr = new DRW_Variant();
+diff --git a/libraries/libdxfrw/src/libdxfrw.cpp b/libraries/libdxfrw/src/libdxfrw.cpp
+index 60d6b74..03da2a6 100644
+--- a/libraries/libdxfrw/src/libdxfrw.cpp
++++ b/libraries/libdxfrw/src/libdxfrw.cpp
+@@ -1839,17 +1839,27 @@ bool dxfRW::processDxf() {
+ DRW_DBG(sectionstr); DRW_DBG(" processDxf\n");
+ //found section, process it
+ if (sectionstr == "HEADER") {
+- processHeader();
++ if (!processHeader()) {
++ return false;
++ }
+ } else if (sectionstr == "CLASSES") {
+ // processClasses();
+ } else if (sectionstr == "TABLES") {
+- processTables();
++ if (!processTables()) {
++ return false;
++ }
+ } else if (sectionstr == "BLOCKS") {
+- processBlocks();
++ if (!processBlocks()) {
++ return false;
++ }
+ } else if (sectionstr == "ENTITIES") {
+- processEntities(false);
++ if (!processEntities(false)) {
++ return false;
++ }
+ } else if (sectionstr == "OBJECTS") {
+- processObjects();
++ if (!processObjects()) {
++ return false;
++ }
+ }
+ }
+ }
+@@ -1875,7 +1885,14 @@ bool dxfRW::processHeader() {
+ iface->addHeader(&header);
+ return true; //found ENDSEC terminate
+ }
+- } else header.parseCode(code, reader);
++ else {
++ DRW_DBG("unexpected 0 code in header!\n");
++ return false;
++ }
++ }
++ else {
++ header.parseCode(code, reader);
++ }
+ }
+ return true;
+ }
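Review bot: In the drw_header.cpp part of this patch, the new guard at the top of `DRW_Header::parseCode` discards a value group that arrives before any group code 9 and returns silently, so `processHeader` keeps reading and can still return true for a header malformed in that way, whereas the unexpected-0 branch added in libdxfrw.cpp fails the parse. If such files should be rejected, parseCode needs a way to report the condition to its caller; if skipping is intended, a comment such as `// values before the first group code 9 have no variable to attach to; skip them` above the guard would record that choice. The guard also depends on `curr = NULL;` in the default constructor shown here, so any other constructor, copy or reset path of DRW_Header (none is visible in this patch) should initialise `curr` the same way. Both `parseCode` and `processHeader` continue outside the hunks, so how `curr` is used after the switch and what the read loop does on a reader error cannot be checked from here.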
diff -Nru librecad-2.1.2/debian/patches/series librecad-2.1.2/debian/patches/series
--- librecad-2.1.2/debian/patches/series 2016-09-17 15:53:14.000000000 +0200
+++ librecad-2.1.2/debian/patches/series 2019-05-19 23:17:22.000000000 +0200
@@ -1 +1,2 @@
debian_build.patch
+CVE-2018-19105.patch
--- End Message ---