CVE-2018-12085 (https://nvd.nist.gov/vuln/detail/CVE-2018-12085): Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11685 (https://nvd.nist.gov/vuln/detail/CVE-2018-11685): Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

CVE-2018-11684 (https://nvd.nist.gov/vuln/detail/CVE-2018-11684): Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

CVE-2018-11683 (https://nvd.nist.gov/vuln/detail/CVE-2018-11683): Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11577 (https://nvd.nist.gov/vuln/detail/CVE-2018-11577): Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVE-2018-11440 (https://nvd.nist.gov/vuln/detail/CVE-2018-11440): Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

CVE-2018-11410 (https://nvd.nist.gov/vuln/detail/CVE-2018-11410): An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Maintainers, could you confirm if we are affected? Last stable version in tree is 2.5.3, far behind 3.5.0 I guess.

Thank you,
There are not many reverse dependencies for this, so I suggest we go ahead and start work on stabilizing 3.10.0 so we can get the older version out of the tree.
@arches, please stabilize.
amd64 stable
x86 stable
ppc stable
ppc64 stable
alpha stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3eb861b01356813e65b4e39f22e7a23c4029ac68

commit 3eb861b01356813e65b4e39f22e7a23c4029ac68
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2019-08-31 18:12:57 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2019-08-31 18:14:36 +0000

    dev-libs/liblouis: remove old version

    Bug: https://bugs.gentoo.org/661150
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-libs/liblouis/Manifest              |  1 -
 dev-libs/liblouis/liblouis-2.5.3.ebuild | 64 ---------------------------------
 2 files changed, 65 deletions(-)