[SECURITY] Fedora EPEL 7 Update: libdxfrw-1.0.1-1.el7 - epel-package-announce - Fedora mailing-lists

30 Nov 2021


      --------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2021-cd37548bc5
2021-12-01 00:36:57.204760
--------------------------------------------------------------------------------
Name        : libdxfrw
Product     : Fedora EPEL 7
Version     : 1.0.1
Release     : 1.el7
URL         : https://github.com/LibreCAD/libdxfrw
Summary     : Library to read/write DXF files
Description :
libdxfrw is a free C++ library to read and write DXF files in both formats,
ASCII and binary form.
--------------------------------------------------------------------------------
Update Information:
Update libdxfrw to 1.0.1 (from upstream git). Rebuild librecad against it.  This
fixes CVE-2021-21898, CVE-2021-21899, and CVE-2021-21900.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 22 2021 Tom Callaway spot@fedoraproject.org - 1.0.1-1
- rebase to new code home, fixes CVE-2021-21898/21899/21900
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May 27 2021 Tom Callaway spot@fedoraproject.org - 0.6.3-18
- disable rpath
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 31 2020 Tom Callaway spot@fedoraproject.org - 0.6.3-16
- more fixes from LibreCAD git
* Wed Nov  4 2020 Tom Callaway spot@fedoraproject.org - 0.6.3-15
- add all of the current fixes from LibreCAD git
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb  1 2019 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 12 2018 Tom Callaway spot@fedoraproject.org - 0.6.3-10
- add fix from librecad for CVE-2018-19105
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb  7 2018 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon May 15 2017 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.6.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Jun  6 2016 Tom Callaway spot@fedoraproject.org - 0.6.3-3
- apply changes from LibreCad 2.1.0
* Thu Feb  4 2016 Fedora Release Engineering releng@fedoraproject.org - 0.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jan 12 2016 Tom Callaway spot@fedoraproject.org - 0.6.3-1
- update to 0.6.3
* Fri Sep 11 2015 Tom Callaway spot@fedoraproject.org - 0.6.1-1
- update to 0.6.1
* Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May  2 2015 Kalev Lember kalevlember@gmail.com - 0.5.11-5
- Rebuilt for GCC 5 C++11 ABI change
* Thu Mar 26 2015 Kalev Lember kalevlember@gmail.com - 0.5.11-4
- Rebuilt for GCC 5 ABI change
* Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2025628 - CVE-2021-21899 librecad: heap out-of-bounds write in dwgCompressor:copyCompBytes21
        https://bugzilla.redhat.com/show_bug.cgi?id=2025628
  [ 2 ] Bug #2025631 - CVE-2021-21900 librecad: use-after-free in dxfRW:processLType()
        https://bugzilla.redhat.com/show_bug.cgi?id=2025631
  [ 3 ] Bug #2025634 - CVE-2021-21898 librecad: out-of-bounds write in dwgCompressor:decompress18()
        https://bugzilla.redhat.com/show_bug.cgi?id=2025634
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs.  Use
su -c 'yum update libdxfrw' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------