Bug#899999: liblouis: CVE-2018-11410

Salvatore Bonaccorso carnil at debian.org
Thu May 24 15:16:16 BST 2018

Source: liblouis
Version: 3.5.0-1
Severity: important
Tags: security upstream


The following vulnerability was published for liblouis, it was
reported at [1], not sure if it was forwarded to upstream, can you
double check that?

| An issue was discovered in Liblouis 3.5.0. A invalid free in the
| compileRule function in compileTranslationTable.c allows remote
| attackers to cause a denial of service (application crash) or possibly
| have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-11410
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1582024

Please adjust the affected versions in the BTS as needed.


More information about the Pkg-a11y-devel mailing list