Re: Liblouis CVE's in stretch

To: debian-accessibility@lists.debian.org, mailinglists@gusnan.se
Subject: Re: Liblouis CVE's in stretch
From: Samuel Thibault <sthibault@debian.org>
Date: Mon, 30 May 2022 14:34:08 +0200
Message-id: <[🔎] 20220530123408.uumzjzqfl7hzxedi@begin>
Mail-followup-to: debian-accessibility@lists.debian.org, mailinglists@gusnan.se
In-reply-to: <[🔎] 20220530131037.50048f77@debian-i7>
References: <[🔎] 20220530131037.50048f77@debian-i7>

Hello,

Andreas Rönnquist, le lun. 30 mai 2022 13:10:37 +0200, a ecrit:
> I am looking at fixing CVE-2022-26981 [1] in Stretch,

This CVE is about table compilation. Tables are basically never coming
from outside sources, so this is not really a security issue, I dont
think we want to spend time on backporting a fix.

> Also - I am looking at fixing CVE-2018-17294 [3],

This one however is about input indeed. Perhaps it'd be worth checking
against the latest upstream master branch of liblouis, since there have
been various fixes there recently.

samuel

Reply to:

Follow-Ups:
- Re: Liblouis CVE's in stretch
  - From: Samuel Thibault <sthibault@debian.org>

References:
- Liblouis CVE's in stretch
  - From: Andreas Rönnquist <mailinglists@gusnan.se>

Prev by Date: Liblouis CVE's in stretch
Next by Date: Re: Liblouis CVE's in stretch
Previous by thread: Liblouis CVE's in stretch
Next by thread: Re: Liblouis CVE's in stretch
Index(es):
- Date
- Thread