Univention Bugzilla – Bug 55190
fribidi: Multiple issues (5.0)
Last modified: 2022-09-13 17:50:20 CEST
New Debian fribidi 1.0.5-3.1+deb10u2 fixes:
This update addresses the following issues:
* Stack based buffer overflow (CVE-2022-25308)
* Heap-buffer-overflow in fribidi_cap_rtl_to_unicode (CVE-2022-25309)
* SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)
--- mirror/ftp/pool/main/f/fribidi/fribidi_1.0.5-3.1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/fribidi_1.0.5-3.1+deb10u2.dsc @@ -1,3 +1,14 @@ +1.0.5-3.1+deb10u2 [Tue, 05 Apr 2022 22:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-25308 + stack-buffer-overflow issue in main() + * CVE-2022-25309 + heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode() + * CVE-2022-25310 + SEGV issue in fribidi_remove_bidi_marks() + (Closes: #1008793) + 1.0.5-3.1+deb10u1 [Wed, 06 Nov 2019 07:48:41 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-2/#1624128815194955887>
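Review bot: the new 1.0.5-3.1+deb10u2 changelog entry names each CVE and the affected function but gives no patch file name or upstream commit for any of the three fixes, so the entry alone does not show which change addresses which issue; adding that reference under each CVE bullet would make the import auditable. The entry also places CVE-2022-25308 in main(), while the erratum summary only says "Stack based buffer overflow"; carrying the function name into the summary would bring it in line with the other two items. Finally, "(Closes: #1008793)" follows the CVE-2022-25310 bullet, and it is not clear from the entry whether that bug covers all three CVEs or only the last one.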
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x416>