Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Dear release team, I would like to fix CVE-2018-19105 in Stretch too. I have prepared an update, please find attached the debdiff. Regards, Markus -- System Information: Debian Release: 10.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect
diff -Nru librecad-2.1.2/debian/changelog librecad-2.1.2/debian/changelog
--- librecad-2.1.2/debian/changelog 2016-09-17 15:53:14.000000000 +0200
+++ librecad-2.1.2/debian/changelog 2019-05-19 23:17:22.000000000 +0200
@@ -1,3 +1,13 @@
+librecad (2.1.2-1+deb9u1) stretch; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-19105:
+ A vulnerability was found in LibreCAD, a computer-aided design system,
+ which could be exploited to crash the application or cause other
+ unspecified impact when opening a specially crafted file. (Closes: #928477)
+
+ -- Markus Koschany <a...@debian.org> Sun, 19 May 2019 23:17:22 +0200
+
 librecad (2.1.2-1) unstable; urgency=medium

 * New upstream release
diff -Nru librecad-2.1.2/debian/patches/CVE-2018-19105.patch librecad-2.1.2/debian/patches/CVE-2018-19105.patch
--- librecad-2.1.2/debian/patches/CVE-2018-19105.patch 1970-01-01 01:00:00.000000000 +0100
+++ librecad-2.1.2/debian/patches/CVE-2018-19105.patch 2019-05-19 23:17:22.000000000 +0200
@@ -0,0 +1,92 @@
+From: Markus Koschany <a...@debian.org>
+Date: Thu, 16 May 2019 13:08:48 +0200
+Subject: CVE-2018-19105
+
+Bug-Upstream: https://github.com/LibreCAD/LibreCAD/issues/1038
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928477
+Origin: https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
+Origin: https://github.com/LibreCAD/LibreCAD/commit/8604f171ee380f294102da6154adf77ab754d403
+---
+ libraries/libdxfrw/src/drw_header.cpp | 8 ++++++++
+ libraries/libdxfrw/src/libdxfrw.cpp | 29 +++++++++++++++++++++++------
+ 2 files changed, 31 insertions(+), 6 deletions(-)
+
+diff --git a/libraries/libdxfrw/src/drw_header.cpp b/libraries/libdxfrw/src/drw_header.cpp
+index 1e0530d..6465669 100644
+--- a/libraries/libdxfrw/src/drw_header.cpp
++++ b/libraries/libdxfrw/src/drw_header.cpp
+@@ -20,6 +20,7 @@ DRW_Header::DRW_Header() {
+ linetypeCtrl = layerCtrl = styleCtrl = dimstyleCtrl = appidCtrl = 0;
+ blockCtrl = viewCtrl = ucsCtrl = vportCtrl = vpEntHeaderCtrl = 0;
+ version = DRW::AC1021;
++ curr = NULL;
+ }
+
+ void DRW_Header::addComment(std::string c){
+@@ -29,6 +30,13 @@ void DRW_Header::addComment(std::string c){
+ }
+
+ void DRW_Header::parseCode(int code, dxfReader *reader){
++ if (NULL == curr && 9 != code) {
++ DRW_DBG("invalid header code: ");
++ DRW_DBG(code);
++ DRW_DBG("\n");
++ return;
++ }
++
+ switch (code) {
+ case 9:
+ curr = new DRW_Variant();
+diff --git a/libraries/libdxfrw/src/libdxfrw.cpp b/libraries/libdxfrw/src/libdxfrw.cpp
+index 60d6b74..03da2a6 100644
+--- a/libraries/libdxfrw/src/libdxfrw.cpp
++++ b/libraries/libdxfrw/src/libdxfrw.cpp
+@@ -1839,17 +1839,27 @@ bool dxfRW::processDxf() {
+ DRW_DBG(sectionstr); DRW_DBG(" processDxf\n");
+ //found section, process it
+ if (sectionstr == "HEADER") {
+- processHeader();
++ if (!processHeader()) {
++ return false;
++ }
+ } else if (sectionstr == "CLASSES") {
+ // processClasses();
+ } else if (sectionstr == "TABLES") {
+- processTables();
++ if (!processTables()) {
++ return false;
++ }
+ } else if (sectionstr == "BLOCKS") {
+- processBlocks();
++ if (!processBlocks()) {
++ return false;
++ }
+ } else if (sectionstr == "ENTITIES") {
+- processEntities(false);
++ if (!processEntities(false)) {
++ return false;
++ }
+ } else if (sectionstr == "OBJECTS") {
+- processObjects();
++ if (!processObjects()) {
++ return false;
++ }
+ }
+ }
+ }
+@@ -1875,7 +1885,14 @@ bool dxfRW::processHeader() {
+ iface->addHeader(&header);
+ return true; //found ENDSEC terminate
+ }
+- } else header.parseCode(code, reader);
++ else {
++ DRW_DBG("unexpected 0 code in header!\n");
++ return false;
++ }
++ }
++ else {
++ header.parseCode(code, reader);
++ }
+ }
+ return true;
+ }
diff -Nru librecad-2.1.2/debian/patches/series librecad-2.1.2/debian/patches/series
--- librecad-2.1.2/debian/patches/series 2016-09-17 15:53:14.000000000 +0200
+++ librecad-2.1.2/debian/patches/series 2019-05-19 23:17:22.000000000 +0200
@@ -1 +1,2 @@
 debian_build.patch
+CVE-2018-19105.patch
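Review bot: The NULL guard added at the top of `DRW_Header::parseCode` depends on `curr` being NULL until the first group code 9, but the only initialisation shown is `curr = NULL;` in the default constructor. Any copy constructor or assignment operator of `DRW_Header` is outside these hunks and should be confirmed to set `curr` too, otherwise a copied header could still reach the switch with an indeterminate pointer. Since `parseCode` returns void, a rejected group is visible only through `DRW_DBG` and the caller keeps parsing; a comment above the guard such as `// no variable is open until a group 9 is seen; drop the group rather than dereference curr` would record that this is deliberate. The body of `parseCode` continues past the end of the hunk.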
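Review bot: The fall-through `return true;` at the end of `dxfRW::processHeader` still reports success when the read loop finishes without ever seeing ENDSEC, which sits oddly next to the new `return false;` for an unexpected 0 code. The loop condition is outside the hunk, so this is inferred, but if the loop exits on end of input then a truncated HEADER section is accepted and `iface->addHeader(&header)` is never called. Consider `return false;` on that path, or a comment stating why an unterminated header is tolerated. The same question applies to `processTables`, `processBlocks`, `processEntities` and `processObjects`, whose results `processDxf` now checks but whose bodies are not part of this diff.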