Summary: | <dev-libs/liblouis-3.22.0: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | accessibility |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/liblouis/liblouis/issues/1171 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 879999 | ||
Bug Blocks: |
Description
John Helmert III
2022-03-13 22:58:41 UTC
CVE-2022-31783 (https://github.com/liblouis/liblouis/commit/ff747ec5e1ac54d54194846f6fe5bfc689192a85): https://github.com/liblouis/liblouis/issues/1214 Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. The actual (unreleased) patch is: https://github.com/liblouis/liblouis/commit/2e4772befb2b1c37cb4b9d6572945115ee28630a Both patches are in 3.22.0 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0d8d362d02f268871250ebeb1446dbe9bacfe5a commit e0d8d362d02f268871250ebeb1446dbe9bacfe5a Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-08-18 00:06:50 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-18 00:55:15 +0000 dev-libs/liblouis: add 3.22.0 Bug: https://bugs.gentoo.org/835093 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-libs/liblouis/Manifest | 1 + dev-libs/liblouis/liblouis-3.22.0.ebuild | 75 ++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be785231506a1fcd7fe1492e3e6e842a93717c68 commit be785231506a1fcd7fe1492e3e6e842a93717c68 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-11-22 16:59:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 17:00:25 +0000 dev-libs/liblouis: drop 3.17.0, 3.20.0, 3.22.0 Bug: https://bugs.gentoo.org/835093 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-libs/liblouis/Manifest | 3 -- dev-libs/liblouis/liblouis-3.17.0.ebuild | 75 -------------------------------- dev-libs/liblouis/liblouis-3.20.0.ebuild | 75 -------------------------------- dev-libs/liblouis/liblouis-3.22.0.ebuild | 75 -------------------------------- 4 files changed, 228 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=34441de4265fa8cf17547bd256447ecec4367521 commit 34441de4265fa8cf17547bd256447ecec4367521 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-01-11 05:18:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-01-11 05:22:05 +0000 [ GLSA 202301-06 ] liblouis: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/835093 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202301-06.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) GLSA released, all done! |