liblouis: security update to 3.7.0 - Githubissues

AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches

https://packages.aosc.io

GNU General Public License v2.0

102 stars 80 forks source link

liblouis: security update to 3.7.0 #1400

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-12085

Other security advisory IDs (if any)

openSUSE-SU-2018:2819-1

Patches (if any)

N/A

PoC(s) (if any)

https://github.com/liblouis/liblouis/issues/595

Additional descriptions (if applicable)

CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440)

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

[x] AMD64 (amd64)
[x] AArch64 (arm64)
[x] ARMv7 (armel)
[x] PowerPC 64-bit BE (ppc64)
[x] PowerPC 32-bit BE (powerpc)

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/a5b87796a23128095de55dd62b15176c5c18511a. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0418.