Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 905298 (CVE-2023-26767, CVE-2023-26768, CVE-2023-26769) - <dev-libs/liblouis-3.25.0: Multiple vulnerabilities
Summary: <dev-libs/liblouis-3.25.0: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2023-26767, CVE-2023-26768, CVE-2023-26769
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ stable]
Keywords:
Depends on: 934009
Blocks:
  Show dependency tree
 
Reported: 2023-04-29 16:56 UTC by John Helmert III
Modified: 2024-09-22 08:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 16:56:58 UTC 
CVE-2023-26767 (https://github.com/liblouis/liblouis/issues/1292):

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint.

CVE-2023-26768 (https://github.com/liblouis/liblouis/issues/1301):

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions.

CVE-2023-26769 (https://github.com/liblouis/liblouis/pull/1300):

Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c.

Patches in 3.25.0. Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2023-05-11 01:21:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05377550aeb48468fad806da285f31b7924b1786

commit 05377550aeb48468fad806da285f31b7924b1786
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-11 01:21:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-11 01:21:34 +0000

    dev-libs/liblouis: add 3.25.0
    
    Closes: https://bugs.gentoo.org/874309
    Bug: https://bugs.gentoo.org/905298
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/liblouis/Manifest               |  1 +
 dev-libs/liblouis/liblouis-3.25.0.ebuild | 94 ++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-19 13:35:58 UTC 
Ping. Please file a stable bug for liblouis-3.25.0.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-09-22 02:04:56 UTC 
Proceeding since ppc is last remaining arch.
Comment 4 Larry the Git Cow gentoo-dev 2024-09-22 08:31:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=93af9502caeaaee53e016304ac4a2e5bd3192822

commit 93af9502caeaaee53e016304ac4a2e5bd3192822
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-22 08:30:59 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-22 08:31:08 +0000

    [ GLSA 202409-18 ] liblouis: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/905298
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-18.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)