- Package:
- src:liblouis
- Source:
- liblouis
- Submitter:
- Salvatore Bonaccorso
- Date:
- 2022-06-07 10:21:07 UTC
- Severity:
- normal
- Tags:
Hi,

The following vulnerability was published for liblouis.

CVE-2022-31783[0]:
| Liblouis 3.21.0 has an out-of-bounds write in compileRule in
| compileTranslationTable.c, as demonstrated by lou_trace.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31783
[1] https://github.com/liblouis/liblouis/issues/1214
[2] https://github.com/liblouis/liblouis/commit/ff747ec5e1ac54d54194846f6fe5bfc689192a85

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Hello,

Salvatore Bonaccorso, on Sat. 28 May 2022 12:56:30 +0200, wrote:

lou_trace takes a braille table as input, which is not something people
would inject from outer sources. So I'm lowering the severity of this bug,
it'll get closed when upstream integrates the fix.

Samuel

Hi Samuel,

Okay, yes this makes sense.

Regards,
Salvatore

We believe that the bug you reported is fixed in the latest version of
liblouis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1011984@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated liblouis package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 07 Jun 2022 11:31:28 +0200
Source: liblouis
Architecture: source
Version: 3.22.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Accessibility Team <pkg-a11y-devel@alioth-lists.debian.net>
Changed-By: Samuel Thibault <sthibault@debian.org>
Closes: 1008009 1011984
Changes:
liblouis (3.22.0-1) unstable; urgency=medium
.
[ Samuel Thibault ]
* New upstream release.
- Closes: #1008009 CVE-2022-26981
- Closes: #1011984 CVE-2022-31783
.
[ Debian Janitor ]
* Remove constraints unnecessary since buster:
+ Build-Depends: Drop versioned constraint on automake and dpkg-dev.