CVE-2022-26981: Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
Patch: https://github.com/liblouis/liblouis/commit/49f4ee3b12197cd505d3d33a03f05c42ff0d5060
CVE-2022-31783 (https://github.com/liblouis/liblouis/commit/ff747ec5e1ac54d54194846f6fe5bfc689192a85):
https://github.com/liblouis/liblouis/issues/1214
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
The actual (unreleased) patch is: https://github.com/liblouis/liblouis/commit/2e4772befb2b1c37cb4b9d6572945115ee28630a
Both patches are in 3.22.0
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0d8d362d02f268871250ebeb1446dbe9bacfe5a
commit e0d8d362d02f268871250ebeb1446dbe9bacfe5a
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-18 00:06:50 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-18 00:55:15 +0000
    dev-libs/liblouis: add 3.22.0
    Bug: https://bugs.gentoo.org/835093
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 dev-libs/liblouis/Manifest | 1 +
 dev-libs/liblouis/liblouis-3.22.0.ebuild | 75 ++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
Please clean up
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be785231506a1fcd7fe1492e3e6e842a93717c68
commit be785231506a1fcd7fe1492e3e6e842a93717c68
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-22 16:59:09 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-22 17:00:25 +0000
    dev-libs/liblouis: drop 3.17.0, 3.20.0, 3.22.0
    Bug: https://bugs.gentoo.org/835093
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 dev-libs/liblouis/Manifest | 3 --
 dev-libs/liblouis/liblouis-3.17.0.ebuild | 75 --------------------------------
 dev-libs/liblouis/liblouis-3.20.0.ebuild | 75 --------------------------------
 dev-libs/liblouis/liblouis-3.22.0.ebuild | 75 --------------------------------
 4 files changed, 228 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=34441de4265fa8cf17547bd256447ecec4367521
commit 34441de4265fa8cf17547bd256447ecec4367521
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:18:26 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:05 +0000
    [ GLSA 202301-06 ] liblouis: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/835093
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 glsa-202301-06.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
GLSA released, all done!