Package "libflightcrew0v5"
| Name: |
libflightcrew0v5
|
Description: |
C++ library for epub validation
|
| Latest version: |
0.7.2+dfsg-10ubuntu0.1 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
flightcrew |
| Homepage: |
http://code.google.com/p/flightcrew |
Links
Download "libflightcrew0v5"
Other versions of "libflightcrew0v5" in Bionic
Changelog
|
flightcrew (0.7.2+dfsg-10ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference (DoS) when processing crafted
EPUB file
- debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed
opf items in GetRelativePathToNcx()
- debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed
opf items in GetRelativePathsToXhtmlDocuments()
- CVE-2019-13032
* SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
EPUB file
- debian/patches/CVE-2019-13241-1.patch: try to make extracting epbs safer
- debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to
always be safe
- debian/patches/CVE-2019-13241-3.patch: harden further by throwing
exception
- CVE-2019-13241
* SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
- debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios
library by checking for EOF
- CVE-2019-13453
-- Mike Salvatore <email address hidden> Mon, 01 Jul 2019 15:30:35 -0400
|
| CVE-2019-13032 |
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocum |
| CVE-2019-13241 |
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP a |
| CVE-2019-13453 |
RESERVED |
|
About
-
Send Feedback to @ubuntu_updates
