liblouis: CVE-2018-12085: stack-based buffer overflow compileTranslationTable.c in 1130 in parseChars

Debian Bug report logs - #901202

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 10 Jun 2018 06:48:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version liblouis/3.5.0-3

Fixed in versions liblouis/3.5.0-4, liblouis/3.0.0-3+deb9u4

Done: Samuel Thibault <sthibault@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/liblouis/liblouis/issues/595



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Accessibility Team <pkg-a11y-devel@lists.alioth.debian.org>:
Bug#901202; Package src:liblouis. (Sun, 10 Jun 2018 06:48:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Accessibility Team <pkg-a11y-devel@lists.alioth.debian.org>. (Sun, 10 Jun 2018 06:48:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: liblouis: CVE-2018-12085: stack-based buffer overflow compileTranslationTable.c in 1130 in parseChars
Date: Sun, 10 Jun 2018 08:45:04 +0200
Source: liblouis
Version: 3.5.0-3
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/liblouis/liblouis/issues/595

Hi,

The following vulnerability was published for liblouis.

CVE-2018-12085[0]:
| Liblouis 3.6.0 has a stack-based Buffer Overflow in the function
| parseChars in compileTranslationTable.c, a different vulnerability than
| CVE-2018-11440.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12085
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12085

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Samuel Thibault <sthibault@debian.org>:
You have taken responsibility. (Mon, 11 Jun 2018 22:39:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 11 Jun 2018 22:39:07 GMT)


Message #10 received at 901202-close@bugs.debian.org:

From: Samuel Thibault <sthibault@debian.org>
To: 901202-close@bugs.debian.org
Subject: Bug#901202: fixed in liblouis 3.5.0-4
Date: Mon, 11 Jun 2018 22:36:34 +0000
Source: liblouis
Source-Version: 3.5.0-4

We believe that the bug you reported is fixed in the latest version of
liblouis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 901202@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated liblouis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 12 Jun 2018 00:29:00 +0200
Source: liblouis
Binary: liblouis-dev liblouis14 liblouis-data liblouis-bin python-louis python3-louis
Architecture: source amd64 all
Version: 3.5.0-4
Distribution: unstable
Urgency: high
Maintainer: Debian Accessibility Team <pkg-a11y-devel@lists.alioth.debian.org>
Changed-By: Samuel Thibault <sthibault@debian.org>
Description:
 liblouis-bin - Braille translation library - utilities
 liblouis-data - Braille translation library - data
 liblouis-dev - Braille translation library - static libs and headers
 liblouis14 - Braille translation library - shared libs
 python-louis - Python bindings for liblouis
 python3-louis - Python bindings for liblouis
Closes: 901202
Changes:
 liblouis (3.5.0-4) unstable; urgency=high
 .
   * patches/cve-2018-12085: Fix another buffer overflow for CVE 2018-12085
     (Closes: Bug#901202).




Reply sent to Samuel Thibault <sthibault@debian.org>:
You have taken responsibility. (Sun, 17 Jun 2018 14:51:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 17 Jun 2018 14:51:08 GMT)


Message #15 received at 901202-close@bugs.debian.org:

From: Samuel Thibault <sthibault@debian.org>
To: 901202-close@bugs.debian.org
Subject: Bug#901202: fixed in liblouis 3.0.0-3+deb9u4
Date: Sun, 17 Jun 2018 14:47:09 +0000
Source: liblouis
Source-Version: 3.0.0-3+deb9u4

We believe that the bug you reported is fixed in the latest version of
liblouis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 901202@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated liblouis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 16 Jun 2018 00:27:09 +0200
Source: liblouis
Binary: liblouis-dev liblouis12 liblouis-data liblouis-bin python-louis python3-louis
Architecture: source amd64 all
Version: 3.0.0-3+deb9u4
Distribution: stretch
Urgency: medium
Maintainer: Debian Accessibility Team <debian-accessibility@lists.debian.org>
Changed-By: Samuel Thibault <sthibault@debian.org>
Description:
 liblouis-bin - Braille translation library - utilities
 liblouis-data - Braille translation library - data
 liblouis-dev - Braille translation library - static libs and headers
 liblouis12 - Braille translation library - shared libs
 python-louis - Python bindings for liblouis
 python3-louis - Python bindings for liblouis
Closes: 900085 900607 901202
Changes:
 liblouis (3.0.0-3+deb9u4) stretch; urgency=medium
 .
   * patches/cve-2018-11440: Fix another buffer overflow for CVE 2018-11440
     (Closes: #900085).
   * patches/cve-2018-11577: Fix another segfault for CVE 2018-11577
     (Closes: #900607).
   * patches/cve-2018-11683: Fix a buffer overflow for CVE 2018-11683.
   * patches/cve-2018-11684: Fix a buffer overflow for CVE 2018-11684.
   * patches/cve-2018-11685: Fix a buffer overflow for CVE 2018-11685.
   * patches/cve-2018-12085: Fix another buffer overflow for CVE 2018-12085
     (Closes: Bug#901202).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 31 Jul 2018 07:24:46 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:20:44 2019; Machine Name: buxtehude
