Univention Bugzilla – Bug 54658
fribidi: Multiple issues (4.4)
Last modified: 2022-04-13 15:13:15 CEST
New Debian fribidi 0.19.7-1+deb9u2 fixes:

This update addresses the following issues:
* Stack based buffer overflow (CVE-2022-25308)
* Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309)
* SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)
--- mirror/ftp/4.4/unmaintained/4.4-2/source/fribidi_0.19.7-1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/fribidi_0.19.7-1+deb9u2.dsc @@ -1,3 +1,13 @@ +0.19.7-1+deb9u2 [Sun, 10 Apr 2022 11:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-25308 + stack-buffer-overflow issue in main() + * CVE-2022-25309 + heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode() + * CVE-2022-25310 + SEGV issue in fribidi_remove_bidi_marks() + 0.19.7-1+deb9u1 [Sat, 08 Jun 2019 22:39:38 +0200] Samuel Thibault <sthibault@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-8/#3905613218483224153>
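Review bot: The new 0.19.7-1+deb9u2 changelog entry names the affected function for each of the three CVEs but gives no reference to the patch file or upstream commit that carries each fix, so the code changes cannot be checked from this diff, which covers only the .dsc changelog. Consider adding the patch name under each CVE line, and for CVE-2022-25308 stating which program's main() is meant, since "stack-buffer-overflow issue in main()" alone does not identify the affected binary.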
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1218>