Security update for libredwg

Type: security
Severity: moderate
Issued: 2020-01-22

This update for libredwg fixes the following issues:

libredwg was updated to release 0.9.3:

* Added the -x,--extnames option to dwglayers for r13-r14 DWGs.
* Fixed some leaks: SORTENTSTABLE, PROXY_ENTITY.ownerhandle
  for r13.
* Added DICTIONARY.itemhandles[] for r13 and r14.
* Fixed some dwglayers null pointer dereferences, and flushed its
  output for each layer.
* Added several overflow checks from fuzzing
  [CVE-2019-20010, boo#1159825], [CVE-2019-20011, boo#1159826],
  [CVE-2019-20012, boo#1159827], [CVE-2019-20013, boo#1159828],
  [CVE-2019-20014, boo#1159831], [CVE-2019-20015, boo#1159832]
* Disallow illegal SPLINE scenarios
  [CVE-2019-20009, boo#1159824]

Update to release 0.9.1:

* Fixed more null pointer dereferences, overflows, hangs and
  memory leaks for fuzzed (i.e. illegal) DWGs.

Update to release 0.9 [boo#1154080]:

* Added the DXF importer, using the new dynapi and the r2000
  encoder. Only for r2000 DXFs.
* Added utf8text conversion functions to the dynapi.
* Added 3DSOLID encoder.
* Added APIs to find handles for names, searching in tables
  and dicts.
* API breaking changes - see NEWS file in package.
* Fixed null pointer dereferences, and memory leaks (except DXF
  [boo#1129868, CVE-2019-9779]
  [boo#1129869, CVE-2019-9778]
  [boo#1129870, CVE-2019-9777]
  [boo#1129873, CVE-2019-9776]
  [boo#1129874, CVE-2019-9773]
  [boo#1129875, CVE-2019-9772]
  [boo#1129876, CVE-2019-9771]
  [boo#1129878, CVE-2019-9775]
  [boo#1129879, CVE-2019-9774]
  [boo#1129881, CVE-2019-9770]

Update to 0.8:

* Added a new dynamic API to read and write all header and object
  fields by name
* API breaking changes
* Fix many errors in DXF output
* Fix JSON output
* Many more bug fixes to handle specific object types

  • libredwg-0.9.3-bp151.2.3.1