Bug#941185: hunspell: CVE-2019-16707

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#941185: hunspell: CVE-2019-16707
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 26 Sep 2019 06:37:42 +0200
Message-id: <[🔎] 156947266256.27937.9288396761747660129.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 941185@bugs.debian.org

Source: hunspell
Version: 1.7.0-2
Severity: normal
Tags: security upstream

Hi,

The following vulnerability was published for hunspell. This is not
really a big issue, and negligigle in security tracking context, but
as it seems to have been reported just as crash in [1] it might be
worth reporting it up to upstream.

CVE-2019-16707[0]:
| Hunspell 1.7.0 has an invalid read operation in
| SuggestMgr::leftcommonsubstring in suggestmgr.cxx.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16707
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707
[1] https://github.com/butterflyhack/hunspell-crash

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Init: sysvinit (via /sbin/init)

Reply to:

Follow-Ups:
- Bug#941185: hunspell: CVE-2019-16707
  - From: Rene Engelhard <rene@debian.org>

Prev by Date: Bug#940914: Issue was caused by AppArmor
Next by Date: Processing of libreoffice_6.3.2-1_source.changes
Previous by thread: Bug#940914: Issue was caused by AppArmor
Next by thread: Bug#941185: hunspell: CVE-2019-16707
Index(es):
- Date
- Thread