Your message dated Sun, 09 Apr 2023 19:34:18 +0000 with message-id <e1planq-002isa...@fasolo.debian.org> and subject line Bug#1010347: fixed in cloudcompare 2.11.3-7.1 has caused the Debian Bug report #1010347, regarding cloudcompare: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010347 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: cloudcompare Version: 2.11.3-5 Severity: important Tags: security X-Debbugs-Cc: codeh...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for cloudcompare. CVE-2021-21897[0]: | A code execution vulnerability exists in the | DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib | 3.17.0. A specially-crafted .dxf file can lead to a heap buffer | overflow. An attacker can provide a malicious file to trigger this | vulnerability. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-21897 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21897 Please adjust the affected versions in the BTS as needed. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.17.0-1-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Source: cloudcompare Source-Version: 2.11.3-7.1 Done: Adrian Bunk <b...@debian.org> We believe that the bug you reported is fixed in the latest version of cloudcompare, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adrian Bunk <b...@debian.org> (supplier of updated cloudcompare package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Apr 2023 14:45:46 +0300 Source: cloudcompare Architecture: source Version: 2.11.3-7.1 Distribution: unstable Urgency: medium Maintainer: Gürkan Myczko <t...@debian.org> Changed-By: Adrian Bunk <b...@debian.org> Closes: 1010347 Changes: cloudcompare (2.11.3-7.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2021-21897: Heap-based buffer overflow loading a DXF file. (Closes: #1010347) Checksums-Sha1: f6beb197efb58c9fdc634c433c0aab68b416c321 2096 cloudcompare_2.11.3-7.1.dsc bf5e563116110d9e98652d4f0f885b2cfa2aa2d0 12496 cloudcompare_2.11.3-7.1.debian.tar.xz Checksums-Sha256: c5b93db5c0f83654d5519c5be22c87275cd45631cc09961d1e22b74b2ad350ba 2096 cloudcompare_2.11.3-7.1.dsc 75f9fe83d58b93d71c64607d8eb71b3e79f8528f8b3bfd4123de66ef4cf3d6cd 12496 cloudcompare_2.11.3-7.1.debian.tar.xz Files: 781c12e9aa466827cbc5fa4d7f68b4b6 2096 graphics optional cloudcompare_2.11.3-7.1.dsc 20095c5fc30d53a6acaa190896356423 12496 graphics optional cloudcompare_2.11.3-7.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmQwBN8ACgkQiNJCh6LY mLE8ww//dO4zpQDR+CJ/5C1XONCAU3r9OjLDERcBH6NbkBsvRYkyc3imf7sVAFYR xDDIwp5+JoxtI5Z1S21Rc05cZfSXlcAcfNRwJa/Nxt615l48lNQQiU6+22D0nDgU rMq0mPf11OOUw3Lw6Jq9nTIgMBtegFCLDaM6oyj6exsPhzd/4qEB9w7EK14AufhS jw4/UE49r+nJeecw2mPMltGiJOE2v7/kxOpg5gW9/OcUhjrcBI8gcnfMc7ugMy4f odCh43/gB4vAW3RZp9/+/J9rwToE/NfOitMOfXV0j6TviGipBDMz23PQHRvJzDgu +6wvoLpz5bRF8d8QPu8lREFzc4xNyJjsos5KTG1DeA4kaMepfHs7PdEZermUYDe1 r6bE9KzZCyTn/h59F1cEZ/exPYS778HWqkw1i3Dbj2BEZVzqC+Tz4HjMBzPX+ItF EKpP4rJspy3hqjTg1+3pa/jCwvpQLnJP5+a04LAOo+MXQDCqNoT9Eez85X5d/Um9 abDvacaL7v5yEw6YPypvHD1fJVHFzYTin48MRN88oZH6uER/EFmgsQlLvQWU8Fr3 Oth+UMBS1Q7OpDzV/bf8SBhy+H7/ykausbfmbVpEW+0Dj54MgCXuHlWZiDCBrt4k 5Sv4C2PCK+ij1f/R4PuUCa75BfpdhJZ2Z05/swAb0EXmBPgYs5M= =zBYU -----END PGP SIGNATURE-----
--- End Message ---
