Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

[Moritz Mühlenhoff]

Am Sat, May 28, 2022 at 06:36:29PM +0200 schrieb Sylvain Beucler:
> Hello Neil,
> 
> I'm triaging this vulnerability for Debian LTS / stretch.
> 
> It appears librecad is not affected (all dists):
> 
> - the package uses system dxflib, cf. debian/patches/debian_build.patch

But is that functional/working as expected? librecad does not
have and dependency on libdxflib3?

Cheers,
        Moritz