Debian alert DLA-2934-1 (freecad) [LWN.net]
From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
To: | <debian-lts-announce@lists.debian.org> | |
Subject: | [SECURITY] [DLA 2934-1] freecad security update | |
Date: | Mon, 07 Mar 2022 13:10:47 +0100 | |
Message-ID: | <20220307121047.D4A352A0177@andromeda> |
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian LTS Advisory DLA-2934-1 debian-lts@lists.debian.org
www.debian.org/lts/security/ Emilio Pozuelo Monfort
March 07, 2022 wiki.debian.org/LTS
– ————————————————————————-
Package : freecad
Version : 0.16+dfsg2-3+deb9u1
CVE ID : CVE-2021-45844
Debian Bug : 1005747
A command injection vulnerability was found in FreeCAD, a parametric 3D
modeler, when importing DWF files with crafted filenames.
For Debian 9 stretch, this problem has been fixed in version
0.16+dfsg2-3+deb9u1.
We recommend that you upgrade your freecad packages.
For the detailed security status of freecad please refer to
its security tracker page at:
security-tracker.debian.org/tracker/freecad
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: wiki.debian.org/LTS
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIl9kQACgkQnUbEiOQ2
gwL+GA//Z/CdsLC0ogXZ7ZSsTxUzQH/vm/YTPEn7rEvckofRiZSlwa4rrSpEGWpm
axJcV7J0VG/Rj0cn7yv/HxDfCGyzhjx8OWrydJ3UQDSTs6KIBTlAYkPoGxMWHGVb
7WJT5WGW86uNZejsM2hTe/HRewJ/PbsdY2J0ZJoa5CZl+3DZ11JWxagUz2Ctx1md
FZSlsM1H8f5X65WuRx5/AeKxpt585H7FXEd/g30WgufsHw9T1zfNFQYEQ3s7jID2
A2HMDKPT4aWokffI1B+VYt2KSScS0vlPz7PIVK7xGwbq0US7hqgVv6T9u0zfuWIr
qw6vjl4oEyOM0R228Qpnedw95Lm9Cbk8fOW7bioVaYLZZ1oFp+d5u8LkDYHaflLt
se4RvjE5nn7zibP7ue/Z31XO/SRv/teVJv14z23GowTA05qhAwaeDTsHYxGg4tIR
YCt2v35BgIVFH0tNKyChexVcCPX1mHmUwPyz7MdkDVXV7dq/m1Yt6j+QqboJ51P1
Epk8+fuzoCgHgNaqwdDKQE5UX/6zAtfNCmAR3nruwo+8JkuTQTNCalLJ7Dx/O/Er
jzoZZjC20Kn3NucgRwrArTTQ8x3kjGkA/9RqwiP3/mv2GEWvdbsmZPqE+Nky6FJ8
33/qd+L9Ks/rDmrD4MQCtPcrkVVyBG6Eg0Jc8hTATr8Qxo45RMM=
=Psfq
—–END PGP SIGNATURE—–
(Log in to post comments)
Read more here: Source link