Bug 803113 (CVE-2019-25051)

Summary:	<app-text/aspell-0.60.8-r3: heap buffer overflow (CVE-2019-25051)
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	conikost
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
Whiteboard:	B2 [glsa+]
Package list:	app-text/aspell-0.60.8-r3 *	Runtime testing required:	---

Description John Helmert III archtester

2021-07-20 22:46:29 UTC

CVE-2019-25051:

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

Apparently unreleased patch: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a

Comment 1 Larry the Git Cow gentoo-dev

2021-07-20 23:28:15 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bf5957c0e28cda26533b9995b69fe24972bd1f9

commit 1bf5957c0e28cda26533b9995b69fe24972bd1f9
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-20 23:27:56 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-20 23:27:56 +0000

    app-text/aspell: drop old version
    
    Bug: https://bugs.gentoo.org/803113
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-text/aspell/aspell-0.60.8-r2.ebuild | 112 --------------------------------
 1 file changed, 112 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e8adb6ed480c4538fc561c348f5bab3d4410baa

commit 0e8adb6ed480c4538fc561c348f5bab3d4410baa
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-20 23:26:08 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-20 23:26:08 +0000

    app-text/aspell: fix CVE-2019-25051
    
    Debian also applied this upstream patch to their aspell package.
    
    Bug: https://bugs.gentoo.org/803113
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-text/aspell/aspell-0.60.8-r3.ebuild            | 113 +++++++++++++++++++++
 .../files/aspell-0.60.8-cve-2019-25051.patch       |  96 +++++++++++++++++
 2 files changed, 209 insertions(+)

Comment 2 Sam James archtester

2021-07-21 05:14:49 UTC

Thank you! Let us know when ready to stable.

Comment 3 Conrad Kostecki gentoo-dev

2021-07-21 08:46:28 UTC

(In reply to Sam James from comment #2)
> Thank you! Let us know when ready to stable.

Already done, since this was only a patch, I revbumped with same keywords and dropped old one.

Comment 4 John Helmert III archtester

2021-07-21 21:43:08 UTC

(In reply to Conrad Kostecki from comment #3)
> (In reply to Sam James from comment #2)
> > Thank you! Let us know when ready to stable.
> 
> Already done, since this was only a patch, I revbumped with same keywords
> and dropped old one.

Thanks!

Comment 5 NATTkA bot gentoo-dev

2022-02-09 23:00:43 UTC

Unable to check for sanity:

> no match for package: app-text/aspell-0.60.8-r3

Comment 6 Larry the Git Cow gentoo-dev

2024-02-26 12:30:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7d9d089a012fd0128c929c9808b85e48104cfea9

commit 7d9d089a012fd0128c929c9808b85e48104cfea9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-26 12:30:16 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-26 12:30:42 +0000

    [ GLSA 202402-31 ] GNU Aspell: Heap Buffer Overflow
    
    Bug: https://bugs.gentoo.org/803113
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-31.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)