Bug#899999: liblouis: CVE-2018-11410

Salvatore Bonaccorso carnil at debian.org
Fri May 25 11:24:28 BST 2018

Hi Samuel,

On Fri, May 25, 2018 at 11:00:49AM +0200, Samuel Thibault wrote:
> Hello
> Salvatore Bonaccorso, on Thu. 24 May 2018 16:16:16 +0200, wrote:
> > The following vulnerability was published for liblouis, it was
> > reported at [1], not sure if it was forwarded to upstream, can you
> > double check that?
> I reported it to upstream and it is now fixed there.  I have uploaded a
> fixed package to unstable as version 3.5.0-2.
> I have prepared a stable upload in
> git at salsa.debian.org:a11y-team/liblouis.git in the debian-stretch branch
> The buffer overflow can be exploited only if one is able to feed the
> content of a braille table, which is not normally something that is
> possible, usually only the content of the text to be transcribed to
> braille can be fed, so I don't see any situation where this can really
> be a security concern, so I guess a simple stable upload would be
> enough?

I agree, if you can prepare an update to be included in the upcoming
point release for stretch that would be great!

Thanks for all your work.


More information about the Pkg-a11y-devel mailing list