Bug#899999: liblouis: CVE-2018-11410

Salvatore Bonaccorso carnil at debian.org
Fri May 25 11:24:28 BST 2018


Hi Samuel,

On Fri, May 25, 2018 at 11:00:49AM +0200, Samuel Thibault wrote:
> Hello
> 
> Salvatore Bonaccorso, on Thu 24 May 2018 16:16:16 +0200, wrote:
> > The following vulnerability was published for liblouis, it was
> > reported at [1], not sure if it was forwarded to upstream, can you
> > double check that?
> 
> I reported it to upstream and it is now fixed there.  I have uploaded a
> fixed package to unstable as version 3.5.0-2.
> 
> I have prepared a stable upload in
> git at salsa.debian.org:a11y-team/liblouis.git in the debian-stretch branch.
> 
> The buffer overflow can be exploited only if one is able to feed the
> content of a braille table, which is not normally something that is
> possible, usually only the content of the text to be transcribed to
> braille can be fed, so I don't see any situation where this can really
> be a security concern, so I guess a simple stable upload would be
> enough?

I agree, if you can prepare an update to be included in the upcoming
point release for stretch that would be great!

Thanks for all your work.

Regards,
Salvatore



More information about the Pkg-a11y-devel mailing list