Ubuntu has issued an advisory on October 15: https://usn.ubuntu.com/4155-1/ The issue was fixed upstream in 0.60.8.
Status comment: (none) => Fixed upstream in 0.60.8
Done!
CC: (none) => geiger.david68210
Assigning to Shlomi as 'aspell' maintainer.
Assignee: bugsquad => shlomif
Advisory: ======================== Updated aspell packages fix security vulnerability: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character (CVE-2019-17544). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544 https://usn.ubuntu.com/4155-1/ ======================== Updated packages in core/updates_testing: ======================== aspell-0.60.8-1.mga7 libaspell15-0.60.8-1.mga7 libaspell-devel-0.60.8-1.mga7 from aspell-0.60.8-1.mga7.src.rpm
Assignee: shlomif => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. Looking for dependents found sonnet. At CLI: $ strace -o aspell.txt kwrite xslt/output.xml Hspell: can't open /usr/share/hspell/hebrew.wgz.sizes. sonnet.plugins.hspell: HSpellDict::HSpellDict: Init failed sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: Missing trigrams for languages: QSet("en_GB", "en_CA", "en_AU") sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" sonnet.core: No language dictionaries for the language: "nl_BE" In kwrite I could change the dictionary to Nederlands(Nederland) and switch on automatic spelling, Worked OK. Loads of refs to aspell in the trace file.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0311.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
This update fixed another (non-CVE) security issue: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5K5EOERW4QNXFRZ7JETMYKOQ7LUKYE57/
(In reply to David Walser from comment #6) > This update fixed another (non-CVE) security issue: > https://lists.fedoraproject.org/archives/list/package-announce@lists. > fedoraproject.org/thread/5K5EOERW4QNXFRZ7JETMYKOQ7LUKYE57/ Now this issue has CVE-2019-20433: https://lists.suse.com/pipermail/sle-security-updates/2020-September/007507.html