#1008009 liblouis: CVE-2022-26981

Package:
src:liblouis
Source:
liblouis
Submitter:
Salvatore Bonaccorso
Date:
2022-06-07 10:21:05 UTC
Severity:
important
#1008009#5
Date:
2022-03-20 14:38:03 UTC
Hi,

The following vulnerability was published for liblouis.

CVE-2022-26981[0]:
| Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in
| compileTranslationTable.c (called, indirectly, by
| tools/lou_checktable.c).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-26981
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26981
[1] https://github.com/liblouis/liblouis/issues/1171

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1008009#12
Date:
2022-06-07 10:19:29 UTC
We believe that the bug you reported is fixed in the latest version of
liblouis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1008009@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated liblouis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 07 Jun 2022 11:31:28 +0200
Source: liblouis
Architecture: source
Version: 3.22.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Accessibility Team <pkg-a11y-devel@alioth-lists.debian.net>
Changed-By: Samuel Thibault <sthibault@debian.org>
Closes: 1008009 1011984
Changes:
 liblouis (3.22.0-1) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * New upstream release.
     - Closes: #1008009 CVE-2022-26981
     - Closes: #1011984 CVE-2022-31783
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster:
     + Build-Depends: Drop versioned constraint on automake and dpkg-dev.