CVE-2019-16707 (https://nvd.nist.gov/vuln/detail/CVE-2019-16707): Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
See URL for the upstream fix. Could be worth backporting...
(In reply to Lars Wendler (Polynomial-C) from comment #1)
> See URL for the upstream fix. Could be worth backporting...

Hmmm... I was thinking this, but there is a comment now: https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#commitcomment-35927990

> this is an almost artificial test case. None of the Hunspell dictionaries uses COMPLEXPREFIXES (see here: https://github.com/wooorm/dictionaries), also the bad UTF-8 input word is likely filtered out by the applications with embedded Hunspell.

In theory, someone can use any dictionary with it. But most of them won't make this exploitable.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e89ec853a42dd375ccc12057c9376e6786d44ba

commit 4e89ec853a42dd375ccc12057c9376e6786d44ba
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-19 03:50:19 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-06-28 22:16:56 +0000

    app-text/hunspell: Patch CVE-2019-16707

    Bug: https://bugs.gentoo.org/717968
    Package-Manager: Portage-2.3.101, Repoman-2.3.22
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16320
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 .../files/hunspell-1.7.0-CVE-2019-16707.patch | 22 ++++++
 app-text/hunspell/hunspell-1.7.0-r2.ebuild    | 89 ++++++++++++++++++++++
 2 files changed, 111 insertions(+)
please call for stable when ready
ppc/ppc64 stable
arm64 stable
sparc stable
arm stable
amd64 stable
x86 stable. Maintainer(s), please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9066914211115527d8e649624a8a64cb37fd787

commit d9066914211115527d8e649624a8a64cb37fd787
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-17 21:14:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-17 23:59:51 +0000

    app-text/hunspell: security cleanup

    Bug: https://bugs.gentoo.org/717968
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/hunspell/hunspell-1.7.0-r1.ebuild | 88 ------------------------------
 1 file changed, 88 deletions(-)
Cleanup done, noglsa, closing.