Bug#899999: liblouis: CVE-2018-11410
Samuel Thibault
sthibault at debian.org
Fri May 25 10:00:49 BST 2018
Hello
Salvatore Bonaccorso, on Thu. 24 May 2018 16:16:16 +0200, wrote:
> The following vulnerability was published for liblouis, it was
> reported at [1], not sure if it was forwarded to upstream, can you
> double check that?
I reported it to upstream and it is now fixed there. I have uploaded a
fixed package to unstable as version 3.5.0-2.
I have prepared a stable upload in
git@salsa.debian.org:a11y-team/liblouis.git in the debian-stretch branch.
The buffer overflow can be exploited only if one is able to feed the
content of a braille table, which is not normally something that is
possible, usually only the content of the text to be transcribed to
braille can be fed, so I don't see any situation where this can really
be a security concern, so I guess a simple stable upload would be
enough?
Samuel