Description: "libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character." Patch: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
NOTE: Marked as A3 because unknown exploitability. Could arguably be A2.
app-text/aspell is B category.
sparc stable
x86 stable
s390 stable
amd64 stable
ppc stable
arm stable
ppc64 stable
ia64 stable
hppa stable
arm64 stable
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=297f863bdf8c040987fc3ec6208cff5931eb8f92 commit 297f863bdf8c040987fc3ec6208cff5931eb8f92 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-15 17:24:04 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 21:15:43 +0000 app-text/aspell: Drop vulnerable Versions <app-text/aspell-0.60.8 are vulnerable, drop them. Closes: https://bugs.gentoo.org/711142 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/14967 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-text/aspell/Manifest | 2 - app-text/aspell/aspell-0.60.7.ebuild | 103 ------------------------------- app-text/aspell/aspell-0.60.7_rc1.ebuild | 100 ------------------------------ 3 files changed, 205 deletions(-)
GLSA Vote: No! Repository is clean, all done!