Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted liblouis 3.24.0-2 (source) into unstable
Date: Fri, 02 Jun 2023 18:19:04 +0000
Signed by: Jeremy Bicha <jeremy.bicha@canonical.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 02 Jun 2023 10:05:57 -0300
Source: liblouis
Built-For-Profiles: noudeb
Architecture: source
Version: 3.24.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian Accessibility Team <pkg-a11y-devel@alioth-lists.debian.net>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>
Closes: 1033202
Changes:
 liblouis (3.24.0-2) unstable; urgency=high
 .
   * Team upload
   * SECURITY UPDATE: Denial of service (Closes: #1033202)
     - debian/patches/CVE-2023-26767.patch: check the length
       of path before copying into dataPath in
       liblouis/compileTranslationTable.c, liblouis/liblouis.h.in.
     - CVE-2023-26767
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2023-26768-1.patch: check filename before
       coping to initialLogFileName in liblouis/logging.c.
     - debian/patches/CVE-2023-26768-2.patch: replace the magic
       number with a define in liblouis/logging.c.
     - CVE-2023-26768
   * SECURITY UPDATE: Buffer overflow
     - debian/patches/CVE-2023-26769-1.patch: check path length
       before coping into tableFile in liblouis/compileTranslationTable.c.
     - debian/patches/CVE-2023-26769-2.patch: fix format in
       liblouis/compileTranslationTable.c.
     - debian/patches/CVE-2023-26769-3.patch: add parentheses for
       define expression in liblouis/compileTranslationTable.c.
     - CVE-2023-26769
Checksums-Sha1:
 eb87831291930726c49dd0ad11d057a0a00928b0 2349 liblouis_3.24.0-2.dsc
 1a7200dee5a1bfd652990792b9bfd621213ebae8 12956 liblouis_3.24.0-2.debian.tar.xz
 baa1d4406bc6832cd7a42ad757de008588ec0b31 7102 liblouis_3.24.0-2_source.buildinfo
Checksums-Sha256:
 62e8ae545a7e43dac44e5f8b660e659909d785af35f070f1ac79c2affb0904f9 2349 liblouis_3.24.0-2.dsc
 878510275cb455c83760bf12f2a5de43dabc3367f50d402482f39ff3d7e574eb 12956 liblouis_3.24.0-2.debian.tar.xz
 acdd5a8f165a25612d4c92d09de6d650b19e0a7fa4a716f8ef57acb3ee550e86 7102 liblouis_3.24.0-2_source.buildinfo
Files:
 c0f32866d6f53c62a97f07c7ac9c33d6 2349 libs optional liblouis_3.24.0-2.dsc
 872438ae7d3bfe3bd85ad4270427e9e5 12956 libs optional liblouis_3.24.0-2.debian.tar.xz
 b61c2bec586dc75fd92e7e380eedbd94 7102 libs optional liblouis_3.24.0-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmR6LvYACgkQ5mx3Wuv+
bH35oQ//So3VFZP3E9u7FryKQ6zjefDYjd73GoldSitNtjhHL5XAerf1ticMAmDQ
HegTTBAsYVunP0nyMMY8KYqfu/lmTgBDp497Vba2BUHStkdD90lOWiaB3njfiorp
0pwL5DkrsgJ7/KXD6F7dOJLTe35HwEw/JWfytEnCnw6GyLwSnIeMBcalZYlLvri6
W+xHcMGwZIx1LNaPd0OrwtS+WhO/WFIvB1ZbWVzBYvy9uU+b3UFQDezH5PkY4GTa
S0jS7gNEsN0JWOCmxKLC5xfhEBHMzkw7GTQTH3LbXMSnfd/bxkgTXD15VlntNCX6
GxOk5hle8XZu0NBRqQL0m5dZQbz9+JpzBzKemDi+Vd8WJbktcOmRL5/L1P9UK3BB
R6F53Cl2tJlTKTaxYyxCu4qEdreRMTCDfbFfF8/IImdGwN7NLgYbjSOEave943mK
32abYzX+H4RgspaZwdQNGwDUsDHKkQA/1VsGEW3iDY3vJukE3X/1FBfLa3Xt2bij
YzsoJNHxXQHDmAmTKDAWel1X6HGS5B+9R9B5P5D8jbMzhjSemwPj5gO3szHba7r2
bgKllT41wo0s7L6tjEhZk/jj4Z6bwAV8USacAytHgcMbsHG1DV4DElKaOt+GdjlV
lI0KU0XzLxDPb8VF+yJ592gdIuo1TmBYyN93FRnEn3gmo1R5AGM=
=DXXu
-----END PGP SIGNATURE-----
News for package liblouis
