Univention Bugzilla – Bug 53611
aspell: Multiple issues (4.4)
Last modified: 2021-07-28 18:38:03 CEST
New Debian aspell 0.60.7~20110707-3+deb9u1 fixes:

This update addresses the following issues:
* stack-based buffer over-read in acommon::unescape in common/getdata.cpp (CVE-2019-17544)
* Heap-buffer-overflow in acommon::ObjStack::dup_top (CVE-2019-25051)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/aspell_0.60.7~20110707-3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/aspell_0.60.7~20110707-3+deb9u1.dsc @@ -1,3 +1,13 @@ +0.60.7~20110707-3+deb9u1 [Sat, 24 Jul 2021 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-25051 + objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow + * CVE-2019-17544 + It was discovered that Aspell incorrectly handled certain inputs which + leads to a stack-based buffer over-read. + An attacker could potentially access sensitive information. + 0.60.7~20110707-3 [Fri, 06 Mar 2015 18:38:42 +0100] Agustin Martin Domingo <agmartin@debian.org>: * Really upload to sid. <http://piuparts.knut.univention.de/4.4-8/#8431632324123771612>
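Review bot: In the new 0.60.7~20110707-3+deb9u1 changelog entry, the CVE-2019-25051 item quotes the advisory wording for "GNU Aspell 0.60.8", while the package being updated is 0.60.7~20110707, so the entry does not say that the fix was backported to this version. Suggest stating that explicitly and naming the affected code the way the erratum text does (acommon::ObjStack::dup_top for CVE-2019-25051, acommon::unescape in common/getdata.cpp for CVE-2019-17544). The entry also names no patch file for either CVE; listing one per CVE would let the change be audited against the source package.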
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1013>