| Summary: | lout new security issues CVE-2019-19917 and CVE-2019-19918 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, nicolas.salguero, olav, ouaurelien, sysadmin-bugs, zombie_ryushu |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | lout-3.40-9.mga7.src.rpm | CVE: | CVE-2019-19917, CVE-2019-19918 |
| Status comment: | |||
| Attachments: | txt file as copied from the tutorial | ||
Description
David Walser
2020-10-30 19:28:56 CET
David Walser
2020-10-30 19:34:13 CET
Whiteboard: (none) => MGA7TOO

Fedora has issued an advisory for this today (October 31):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/

Hi, thanks for reporting this.
Assigned to recent committer.
(Please set the status to 'assigned' if you are working on it)

Assignee:
bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. (CVE-2019-19917)

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. (CVE-2019-19918)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19918
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
========================

Updated packages in core/updates_testing:
========================
lout-3.40-9.1.mga7
lout-doc-3.40-9.1.mga7

from SRPM:
lout-3.40-9.1.mga7.src.rpm

Status:
NEW => ASSIGNED

MGA7_64 MATE on Peaq C1011
No installation issues.
No previous update, so Google brought me http://www.adrianjwells.freeuk.com/lout.pdf
Took the first example (will upload this file) using pluma and run the command to create a pdf file.

$ lout louttest.txt > louttest.pdf
lout file "louttest.txt":
4,149: character "\231" replaced by space (it has no glyph in font Times Base)
6,39: character "\231" replaced by space (it has no glyph in font Times Base)
$ ls
lout.li louttest.pdf louttest.txt louttest.txt.ld

The pdf file opens in Atril and looks OK.
The .li file seems some kind of log, while the .ld file seems an expansion of the txt file with all the commands involved. I didn't read the tutorial further to check whether my interpretation is 100% correct.
The command seems to do its job.

CC:
(none) => herman.viaene

Created attachment 11983
txt file as copied from the tutorial

Validated. Advisory in Comment 3.

CC:
(none) => andrewsfarm, sysadmin-bugs

Advisory pushed to SVN.

Keywords:
(none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0411.html

Status:
ASSIGNED => RESOLVED

Can anyone explain why this patch was not pushed to Cauldron as well?

CC:
(none) => zombie_ryushu