liblouis: security update to 3.3.0

AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches

https://packages.aosc.io

GNU General Public License v2.0

102 stars 80 forks source link

liblouis: security update to 3.3.0 #788

Closed l2dy closed 7 years ago

l2dy commented 7 years ago

https://github.com/liblouis/liblouis/releases/tag/v3.3.0

Fix a number of CVEs (illegal address access, buffer overflow and use-after-free or in terms of CVEs: CVE-2017-13738, CVE-2017-13739, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742 and CVE-2017-13744) thanks to Mike Gorse.
Fix CVE-2017-13743 thanks to Christian Egli.

MingcongBai commented 7 years ago

Though it's a tough call that it bumps so version... I'm going to try and backport.

MingcongBai commented 7 years ago

Right... I don't think this could be done quickly - not to mention Debian is still vulnerable. I might wait for them to take a look into this... For now, I'll mark this to-staging.

l2dy commented 6 years ago

Use AOSA-2017-0185.