[Git][security-tracker-team/security-tracker][master] CVE-2021-21897/cloudcompare horizon-eda librecad
Neil Williams (@codehelp)
codehelp at debian.org
Fri Apr 29 11:14:27 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b2009a7 by Neil Williams at 2022-04-29T11:14:11+01:00
CVE-2021-21897/cloudcompare horizon-eda librecad
Each supports loading a DXF file that could trigger the vulnerability
in the embedded dxflib.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -89075,13 +89075,15 @@ CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::deco
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
+ - cloudcompare <unfixed> (bug #1010347)
- dxflib 3.26.4-1
[bullseye] - dxflib <no-dsa> (Minor issue)
[buster] - dxflib <no-dsa> (Minor issue)
[stretch] - dxflib <no-dsa> (Minor issue)
+ - horizon-eda <unfixed> (bug #1010348)
+ - librecad <unfixed> (bug #1010349)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
- TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
NOT-FOR-US: Lantronix PremierWave
CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b2009a7fa2c57147c57bab2b86b21be5d300d16
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b2009a7fa2c57147c57bab2b86b21be5d300d16
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/d52ed44c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list