The vulnerability is an out-of-bounds read, what means, if a malformed shape file is imported, the application can crash.If you are a surveyor and need the shape file support, it is safe to stay with 2.2.0 version, as long as you know the origin of the used shape files.As this is probably not a widely used plugin, the fix was just to remove the plugin.Shape files are used in surveying and so do not affect the most users.The vulnerability addresses only the plugin Importshp, which is used to import shape files (SHP/SHX/DBF).It fixes a minor vulnerability (CVE-2023-30259) with a mature shapelib contained in our codebase.A regression, finding nearest points on ellipses caused a crash.An undetected vulnerability, opening malformed LFF font files caused a crash.This is a bugfix release for official stable release 2.2.0. Meanwhile, for LibreCAD 2.2.0 series, Qt5 is mandatory. The Qt4 porting was completed eventually during the development of 2.0.0 series, thanks to our master developer Rallaz, and LibreCAD has become Qt3 free except in the 1.0.0 series. Porting the rendering engine to Qt4 proved to be a large task, so LibreCAD initially still depended on the Qt3 support library.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |