[ubuntu/bionic-updates] fribidi 0.19.7-2ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Apr 6 10:58:13 UTC 2022

fribidi (0.19.7-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Incorrect length checking in processing of line input
    could result in a stack buffer overflow, resulting in a crash or potential
    code execution.
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - CVE-2022-25308

  * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
    encoder could result in a heap buffer overflow, resulting in a crash or
    potential code execution.
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
    - CVE-2022-25309

  * SECURITY UPDATE: Incorrect handling of string pointer can result in a
    crash in fribidi_remove_bidi_marks().
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
      to avoid potential use-after-free in lib/fribidi.c
    - CVE-2022-25310

Date: 2022-04-06 08:17:10.647700+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list