Bug 803113 (CVE-2019-25051)

Summary: <app-text/aspell-0.60.8-r3: heap buffer overflow (CVE-2019-25051)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: conikost
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
Whiteboard: B2 [glsa+]
Package list:
app-text/aspell-0.60.8-r3 *
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-20 22:46:29 UTC
CVE-2019-25051:

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

Apparently unreleased patch: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
Comment 1 Larry the Git Cow gentoo-dev 2021-07-20 23:28:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bf5957c0e28cda26533b9995b69fe24972bd1f9

commit 1bf5957c0e28cda26533b9995b69fe24972bd1f9
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-20 23:27:56 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-20 23:27:56 +0000

    app-text/aspell: drop old version
    
    Bug: https://bugs.gentoo.org/803113
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-text/aspell/aspell-0.60.8-r2.ebuild | 112 --------------------------------
 1 file changed, 112 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e8adb6ed480c4538fc561c348f5bab3d4410baa

commit 0e8adb6ed480c4538fc561c348f5bab3d4410baa
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-20 23:26:08 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-20 23:26:08 +0000

    app-text/aspell: fix CVE-2019-25051
    
    Debian also applied this upstream patch to their aspell package.
    
    Bug: https://bugs.gentoo.org/803113
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-text/aspell/aspell-0.60.8-r3.ebuild            | 113 +++++++++++++++++++++
 .../files/aspell-0.60.8-cve-2019-25051.patch       |  96 +++++++++++++++++
 2 files changed, 209 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-21 05:14:49 UTC
Thank you! Let us know when ready to stable.
Comment 3 Conrad Kostecki gentoo-dev 2021-07-21 08:46:28 UTC
(In reply to Sam James from comment #2)
> Thank you! Let us know when ready to stable.

Already done, since this was only a patch, I revbumped with same keywords and dropped old one.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-21 21:43:08 UTC
(In reply to Conrad Kostecki from comment #3)
> (In reply to Sam James from comment #2)
> > Thank you! Let us know when ready to stable.
> 
> Already done, since this was only a patch, I revbumped with same keywords
> and dropped old one.

Thanks!
Comment 5 NATTkA bot gentoo-dev 2022-02-09 23:00:43 UTC
Unable to check for sanity:

> no match for package: app-text/aspell-0.60.8-r3
Comment 6 Larry the Git Cow gentoo-dev 2024-02-26 12:30:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7d9d089a012fd0128c929c9808b85e48104cfea9

commit 7d9d089a012fd0128c929c9808b85e48104cfea9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-26 12:30:16 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-26 12:30:42 +0000

    [ GLSA 202402-31 ] GNU Aspell: Heap Buffer Overflow
    
    Bug: https://bugs.gentoo.org/803113
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-31.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)