-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jul 2021 19:03:02 +0200 Source: aspell Binary: aspell aspell-dbgsym aspell-doc libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev Architecture: source amd64 all Version: 0.60.7~20110707-6+deb10u1 Distribution: buster-security Urgency: high Maintainer: Agustin Martin Domingo <agmartin@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: aspell - GNU Aspell spell-checker aspell-doc - Documentation for GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Closes: 991307 Changes: aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow Checksums-Sha1: 5b8470800b8ccc69a10691926d4e7ae129b0dcef 2368 aspell_0.60.7~20110707-6+deb10u1.dsc b5a41b92d70740efe7785baaefe1616c69c34637 1876992 aspell_0.60.7~20110707.orig.tar.gz 77c8b732196f7054e571f5624539f99b2c940a58 27568 aspell_0.60.7~20110707-6+deb10u1.debian.tar.xz c737eb8228d82fed48928ad9241fff106a8340ce 546544 aspell-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb 10e9b3a5cc1b3be058375c175439a871deea731d 252032 aspell-doc_0.60.7~20110707-6+deb10u1_all.deb 9254d7f2e138a3130f7a89fff40df7b504ebc87e 8235 aspell_0.60.7~20110707-6+deb10u1_amd64.buildinfo 4347f910b2f1823266b5cc775ec75c8e2cc76f44 225740 aspell_0.60.7~20110707-6+deb10u1_amd64.deb 7eb9d6ebc27d91b342bb826b39dd47a51aefcfb5 32820 libaspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb 9302f2570be5dc051b65b422a736c98cf10385cf 2780936 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb 36b9215234db6f8629554381f1e19c1aad224adf 327280 libaspell15_0.60.7~20110707-6+deb10u1_amd64.deb 4665629d14d48b78486be0e9bff033dec7b30926 29900 libpspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb Checksums-Sha256: b5acf95913c5c273d8ae56d05d41a380666f2db62a30a8abb308c25ae7bccec6 2368 aspell_0.60.7~20110707-6+deb10u1.dsc 71a41224e224af08a0051a9048fc0b4a912acee997d4870cfd68bd7327c45b61 1876992 aspell_0.60.7~20110707.orig.tar.gz 5b607c76d957398ec9b7b5bcd522cc327c5521ac7df525319d14c993c73a859c 27568 aspell_0.60.7~20110707-6+deb10u1.debian.tar.xz 8bdaba3ba5723a68a0ade7d177150ed06d0e62a9f7e888ead2e73f0d1a2de19d 546544 aspell-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb 76350b0202142c36a383a882a940ebc03345732a0edd432cc6e4fe80c7eaaa8d 252032 aspell-doc_0.60.7~20110707-6+deb10u1_all.deb 4310fca3205c5ab0f782e4be1f29c318d4bd3bbf2a0b75ee0abe0acf62ded29a 8235 aspell_0.60.7~20110707-6+deb10u1_amd64.buildinfo ed67305dfee108e07366a7485f5b0c6e8d66aec11464ead25dd66ca3ef3af3b6 225740 aspell_0.60.7~20110707-6+deb10u1_amd64.deb 25fb3748729135b5ed12b858d7f9ea7faa254d1a77c9cc488f9b9ed9c7abaa0f 32820 libaspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb be57f782d88374989f89fe98be187deaba8420217c1301e68358e25da9e5f337 2780936 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb 5c17396579ff532bea08988667d90bad8c169dc1d1f02bd87dbf36e4ec20ce9f 327280 libaspell15_0.60.7~20110707-6+deb10u1_amd64.deb 0b9ab062c99c03c4e2a77ac99f1be546abb791b3483947a879f2b8536dae3070 29900 libpspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb Files: 90927a271af87662f9fed52754d58a6c 2368 text optional aspell_0.60.7~20110707-6+deb10u1.dsc 9a80faddad3222b88c544e93d2ab9579 1876992 text optional aspell_0.60.7~20110707.orig.tar.gz a612190cf4ac8b4a3124f956deeac250 27568 text optional aspell_0.60.7~20110707-6+deb10u1.debian.tar.xz 2d550c9898455d745494ec23119e01d4 546544 debug optional aspell-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb d9e9c2035fa8de9590821c67d6fd87eb 252032 doc optional aspell-doc_0.60.7~20110707-6+deb10u1_all.deb b1d9621dc871a8843527b26bac7a520e 8235 text optional aspell_0.60.7~20110707-6+deb10u1_amd64.buildinfo 17b868c96291d352708595d02499eaa5 225740 text optional aspell_0.60.7~20110707-6+deb10u1_amd64.deb 840fe82ad9f1f26b57569ff8c74144ac 32820 libdevel optional libaspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb 30211840dc8fd721e4e2664faa54ce85 2780936 debug optional libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_amd64.deb 60d006ac14df2938da1b30f1faf53097 327280 libs optional libaspell15_0.60.7~20110707-6+deb10u1_amd64.deb 2ca8beaa11f72bd66e0ac7d840a8d8b8 29900 libdevel optional libpspell-dev_0.60.7~20110707-6+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmEEhqtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR5orEACy4YltC09cnlnwRLedJxE5Tp2MTq8D vJwx9gHsyZZhJm3PC3FBcZS9G6/QfDDVuIojBD+ey9dg9J8jegqlQl9B3reaS4xJ YE1ef1pt75gTi+LXBhpxR0eKOTWdzqIGZyV1SJqaVTRuaVTatJ9cphRuhYLCoDYx w3kZRYR+YeP83f2DfcMfpWOvR8c7JrZNXZn+sg4x342tNaEUJf5LUkYx22e7YFJR 2qGF1BDkpW3a1pbmmKdT7rlyl5vTwinksGa9IllwVBMvDVZBBZWAB5uZYGuwYlM3 AW0r/JjYl3OfIaK45b6uDxbWkUfgFeBp3knq7bhO0JVlOwXCCUWHfM1gaefA8zjz vwdKPVy96DCgXcxRvoRsV2n40ZYfLPhxgLbkKx2IqMb9yyVB/+RqapbpCAMVXnTK iEou7QD/H5NqprWvuplNcWaNqlYDzDt6qTvkxwHP1Az3wW8U86pUXV3kuBFZfbKG yHZKfRN0IOCVm3UOPpWUcnkfaqGDty9OSTvk+jASPpucl+E3MFu76LE6zln6Qssb exU2uoMJsIuBBV5XcYUGLYRGYVCZ3I75ttpp7O5i2yn3IVjateKyiFooTsWAKJBa 5KZalgsmO1XlHFq85SzkPHpgLAmc1e7M4LCNP1hW5NL+x3sFdrV63B7J38c7V19m gceZu1EYs9QygQ== =bThh -----END PGP SIGNATURE-----