Summary: | <dev-libs/fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c (CVE-2019-18397) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
dev-libs/fribidi-1.0.8
|
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
![]() Upstream fix (already public): https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e557a14b9c35e0ea9b8a29f50d22a96b9e7fc1 commit 77e557a14b9c35e0ea9b8a29f50d22a96b9e7fc1 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-12-25 20:46:50 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-12-25 20:50:28 +0000 dev-libs/fribidi: security bump to 1.0.8 Bug: https://bugs.gentoo.org/699338 Package-Manager: Portage-2.3.79, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> dev-libs/fribidi/Manifest | 1 + dev-libs/fribidi/fribidi-1.0.8.ebuild | 37 +++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) amd64 stable arm64 stable ia64 stable hppa/sparc stable x86 stable ppc64 stable ppc stable arm stable s390 stable New GLSA request filed. This issue was resolved and addressed in GLSA 202003-41 at https://security.gentoo.org/glsa/202003-41 by GLSA coordinator Thomas Deutschmann (whissi). |