UbuntuUpdates.org

Package "python3-louis"

Name: python3-louis

Description:

Python bindings for liblouis

Latest version: 3.5.0-1ubuntu0.5
Release: bionic (18.04)
Level: security
Repository: main
Head package: liblouis
Homepage: http://liblouis.org/

Links


Download "python3-louis"


Other versions of "python3-louis" in Bionic

Repository Area Version
base main 3.5.0-1
updates main 3.5.0-1ubuntu0.5

Changelog

Version: 3.5.0-1ubuntu0.5 2023-04-04 17:06:59 UTC

  liblouis (3.5.0-1ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2023-26767.patch: check the length
      of path before copying indo dataPath in
      liblouis/compileTranslationTable.c, liblouis/liblouis.h.in.
    - CVE-2023-26767
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26768-1.patch: check filename before
      coping to initialLogFileName in liblouis/logging.c.
    - debian/patches/CVE-2023-26768-2.patch: replace the magic
      number with a define in liblouis/logging.c.
    - CVE-2023-26768
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2023-26769-1.patch: check path length
      before coping into tableFile in liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-2.patch: fix format in
      liblouis/compileTranslationTable.c.
    - debian/patches/CVE-2023-26769-3.patch: add parentheses for
      define expression in liblouis/compileTranslationTable.c.
    - CVE-2023-26769

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 27 Mar 2023 09:13:06 -0300

Source diff to previous version
CVE-2023-26767 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at loggin
CVE-2023-26768 Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and
CVE-2023-26769 Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable func

Version: 3.5.0-1ubuntu0.4 2022-06-13 18:06:16 UTC

  liblouis (3.5.0-1ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2022-31783.patch: prevent an invalid
      memory writes in compileRule in liblouis/compileTranslationTable.c.
    - CVE-2022-31783

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 09 Jun 2022 10:37:45 -0300

Source diff to previous version
CVE-2022-31783 Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

Version: 3.5.0-1ubuntu0.3 2018-10-03 13:07:40 UTC

  liblouis (3.5.0-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-12085.patch: fix in
      liblouis/compileTranslationTable.c.
    - CVE-2018-12085
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-17294.patch: fix in
      liblouis/lou_translateString.c
    - CVE-2018-17294

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Oct 2018 11:13:18 -0300

Source diff to previous version
CVE-2018-12085 Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-114
CVE-2018-17294 The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to

Version: 3.5.0-1ubuntu0.2 2018-06-06 17:07:37 UTC

  liblouis (3.5.0-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-11683.patch: fix in
      liblouis/compileTranslationTable.c, tools/lou_translate.c.
    - CVE-2018-11683
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-11684.patch: fix in
      liblouis/compileTranslationTable.c.
    - CVE-2018-11684
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-11685.patch: fix in
      liblouis/compileTranslationTable.c.
    - CVE-2018-11685

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 05 Jun 2018 14:46:53 -0300

Source diff to previous version
CVE-2018-11683 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-114
CVE-2018-11684 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
CVE-2018-11685 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

Version: 3.5.0-1ubuntu0.1 2018-06-04 20:07:31 UTC

  liblouis (3.5.0-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-11410.patch: fix in liblouis/pattern.c.
    - CVE-2018-11410
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-11440.patch: fix in table parsing
      liblouis/compileTranslationTable.c.
    - CVE-2018-11440
  * SECURITY UPDATE: Buffer overflow in braille table parser
    - debian/patches/CVE-2018-11577.patch: fix in
      liblouis/compileTranslationTable.c.
    - CVE-2018-11577

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Jun 2018 12:57:43 -0300

CVE-2018-11410 An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a
CVE-2018-11440 Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2018-11577 Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.



About   -   Send Feedback to @ubuntu_updates