| Summary: | aspell new security issue CVE-2019-17544 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | aspell-0.60.6.1-12.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 0.60.8 | ||
Description
David Walser
2019-10-31 04:59:06 CET
David Walser
2019-10-31 04:59:21 CET
Status comment: (none) => Fixed upstream in 0.60.8

Assigning to Shlomi as 'aspell' maintainer.

Assignee: bugsquad => shlomif

Advisory:
========================

Updated aspell packages fix security vulnerability:

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character (CVE-2019-17544).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544
https://usn.ubuntu.com/4155-1/
========================

Updated packages in core/updates_testing:
========================
aspell-0.60.8-1.mga7
libaspell15-0.60.8-1.mga7
libaspell-devel-0.60.8-1.mga7

from aspell-0.60.8-1.mga7.src.rpm

Assignee: shlomif => qa-bugs

MGA7-64 Plasma on Lenovo B50
No installation issues.
Looking for dependents found sonnet.
At CLI:
$ strace -o aspell.txt kwrite xslt/output.xml
Hspell: can't open /usr/share/hspell/hebrew.wgz.sizes.
sonnet.plugins.hspell: HSpellDict::HSpellDict: Init failed
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: Missing trigrams for languages: QSet("en_GB", "en_CA", "en_AU")
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
sonnet.core: No language dictionaries for the language: "nl_BE"
In kwrite I could change the dictionary to Nederlands(Nederland) and switch on automatic spelling. Worked OK.
Loads of refs to aspell in the trace file.

CC: (none) => herman.viaene
Thomas Backlund
2019-11-02 16:49:13 CET
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0311.html

Status: NEW => RESOLVED

This update fixed another (non-CVE) security issue:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5K5EOERW4QNXFRZ7JETMYKOQ7LUKYE57/

(In reply to David Walser from comment #6)
> This update fixed another (non-CVE) security issue:
> https://lists.fedoraproject.org/archives/list/package-announce@lists.
> fedoraproject.org/thread/5K5EOERW4QNXFRZ7JETMYKOQ7LUKYE57/

Now this issue has CVE-2019-20433:
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007507.html
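
The advisory text earlier in this report describes an over-read in an unescape routine triggered by an isolated `\` character. The sketch below models that bug class beside a hardened form; it is an added illustration, not aspell's source, and the function names, the escape set (`\n`, `\t`) and the test helper are assumptions.

```c
#include <string.h>

/* Map the character after a backslash; unknown escapes pass through. */
static char esc(char c) { return c == 'n' ? '\n' : c == 't' ? '\t' : c; }

/* Unsafe pattern (illustrative): the cursor always advances past a backslash,
 * so for a string ending in a lone '\' it lands on the NUL, copies it, then
 * the shared ++src steps beyond the terminator and the loop keeps reading. */
void unescape_naive(char *dest, const char *src) {
    while (*src) {
        if (*src == '\\') {
            ++src;                /* may now point at the terminator */
            *dest = esc(*src);
        } else {
            *dest = *src;
        }
        ++src; ++dest;            /* walks past the NUL after a lone '\' */
    }
    *dest = '\0';
}

/* Hardened form: a backslash starts an escape only when a character follows;
 * a trailing backslash is copied as a literal and the loop ends at the NUL.
 * Output is never longer than input, so dest needs strlen(src) + 1 bytes. */
size_t unescape_checked(char *dest, const char *src) {
    char *out = dest;
    while (*src) {
        if (*src == '\\' && src[1] != '\0') {
            ++src;
            *out = esc(*src);
        } else {
            *out = *src;
        }
        ++src; ++out;
    }
    *out = '\0';
    return (size_t)(out - dest);
}

/* Constructed helper for checking results: 1 if src unescapes to expect. */
int unescapes_to(const char *src, const char *expect) {
    char buf[64];
    if (strlen(src) >= sizeof buf) return 0;
    return unescape_checked(buf, src) == strlen(expect) && strcmp(buf, expect) == 0;
}
```

Building a harness around `unescape_naive` with AddressSanitizer (`-fsanitize=address`) and an input ending in a single backslash is a quick way to confirm whether a given build still has this class of read past the terminator.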