[DRE-maint] Bug#935128: Packages potentially affected by unbounded buffer over-read in GNU Aspell 0.60.*
Agustin Martin
agmartin at debian.org
Fri Aug 30 09:31:47 BST 2019
On Thu, Aug 29, 2019 at 12:20:28AM +0200, Agustin Martin wrote:
> On Mon, Aug 19, 2019 at 04:33:40PM -0400, Kevin Atkinson wrote:
> > On Mon, 19 Aug 2019, Salvatore Bonaccorso wrote:
> >
> > > See https://lists.gnu.org/archive/html/aspell-announce/2019-08/msg00000.html
> >
> > > Within Debian the "pumpa" will need an update. Others might be
> > > required as well. Kevin Atkinson might be up for help if needed.
> > Also see http://aspell.net/buffer-overread-ucs.txt for a slightly improved
> > version of the announcement that I edited for clarity.
>
> Hi all,
>
> This message is sent to all packages that depend in some way on
> libaspell15 (pdo addresses bcc'ed)
>
> A potentially unbounded buffer over-read has been found in GNU
> Aspell 0.60.*. Package aspell 0.60.7-1 has been uploaded to Debian
> experimental, including upstream patch to deal with this problem.
>
> Unfortunately this fix may break applications that use null-terminated
> UCS-2 or UCS-4 strings with the C API. These applications will need
> to be fixed to make use of the new more secure API in order to
> continue to have a functional spell checker.
This is the list of non-aspell packages depending on libaspell15 which
are possibly affected (maintainers bcc'ed):
eiskaltdcpp-qt
enchant
gnustep-gui-runtime
inkscape
kdelibs5-plugins
libenchant1c2a
libenchant2
libenchant-voikko
librcc0
libtext-aspell-perl
mcabber
php7.3-pspell
pumpa
raspell
sonnet-plugins
tea
weechat-plugins
xmlcopyeditor
yagf
--
Agustin