[SECURITY] [DLA 2974-1] fribidi security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2974-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
April 10, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : fribidi
Version        : 0.19.7-1+deb9u2
CVE ID         : CVE-2022-25308 CVE-2022-25309 CVE-2022-25310

Several issues have been found in fribidi, a free implementation of the
Unicode BiDi algorithm. The issues are related to stack-buffer-overflow,
heap-buffer-overflow, and a SEGV.

CVE-2022-25308

    stack-buffer-overflow issue in main()

CVE-2022-25309

    heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()

CVE-2022-25310

    SEGV issue in fribidi_remove_bidi_marks()

For Debian 9 stretch, these problems have been fixed in version
0.19.7-1+deb9u2.

We recommend that you upgrade your fribidi packages.

For the detailed security status of fribidi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fribidi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----