Debian Package Tracker

general

source: liblouis (main)
version: 3.7.0-1
maintainer: Debian Accessibility Team (archive) [DMD]
uploaders: Cyril Brulebois [DMD] – Samuel Thibault [DMD]
arch: all any
std-ver: 4.2.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.4.1-1
oldstable: 2.5.3-3+deb8u1
stable: 3.0.0-3+deb9u4
testing: 3.7.0-1
unstable: 3.7.0-1

versioned links

2.4.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.5.3-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.0-3+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liblouis-bin
liblouis-data
liblouis-dev
liblouis16
python-louis
python3-louis

action needed

A new upstream version is available: 3.8.0 high

A new upstream version 3.8.0 is available, you should consider packaging it.

Created: 2018-12-04 Last update: 2018-12-12 09:01

6 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.7.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 460f8e10335d11cf2aeb2d56f833db559c0d0a39
Author: Helmut Grohne <helmut@subdivi.de>
Date:   Tue Nov 6 21:01:40 2018 +0100

    Demote python stuff to Build-Depends-Indep.
    
    (Closes: Bug#913081)

commit 091e50ddd4b9d80d12d0c84799b4a9953c564957
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Sep 15 10:11:07 2018 +0200

    upload

commit 488c89632ed435738973851af9a7b59e420d8729
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Sep 15 10:07:19 2018 +0200

    New upstream release.
    
        - debian/patches/automake-1.16: upstream.
        - debian/patches/cve-2018-12085: upstream.
        - debian/patches/da-dk: upstream.

commit 514c1c44bba96f6d193cd1ea472601d63f4912fd
Merge: 36f4c44 423aa82
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Sep 15 10:06:01 2018 +0200

    Update upstream source from tag 'upstream/3.7.0'
    
    Update to upstream version '3.7.0'
    with Debian dir b8b961ae179b414b966d49037d3d2ef15d907559

commit 423aa82ebfce38858a0ff91736b00d5c36161ee7
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Sep 15 10:03:34 2018 +0200

    New upstream version 3.7.0

commit 36f4c442a3999fe35760e759477579d86321ca50
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Sat Aug 25 18:16:23 2018 +0200

    Use upstream commit

The Vcs URL is using anonscm.debian.org. Please update it for the move to salsa.debian.org.

Created: 2018-08-26 Last update: 2018-12-12 05:42

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-11 Last update: 2018-11-28 06:51

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-17294: The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

Please fix it.

Created: 2018-09-21 Last update: 2018-12-12 09:00

14 ignored security issues in jessie low

There are 14 open security issues in jessie.

14 issues skipped by the security teams:

CVE-2017-13738: There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
CVE-2017-13744: There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
CVE-2017-13743: There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.
CVE-2017-13742: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.
CVE-2018-11440: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2018-11577: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVE-2018-11683: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2017-13739: There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.
CVE-2018-17294: The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
CVE-2017-13741: There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.
CVE-2018-11684: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
CVE-2017-13740: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.
CVE-2018-11685: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
CVE-2018-12085: Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

Please fix them.

Created: 2017-08-29 Last update: 2018-12-12 09:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.2.0).

Created: 2018-08-26 Last update: 2018-09-15 17:54

news

[rss feed]

[2018-09-17] liblouis 3.7.0-1 MIGRATED to testing (Debian testing watch)
[2018-09-15] Accepted liblouis 3.7.0-1 (source) into unstable (Samuel Thibault)
[2018-08-20] liblouis 3.6.0-3 MIGRATED to testing (Debian testing watch)
[2018-08-17] Accepted liblouis 3.6.0-3 (source) into unstable (Samuel Thibault)
[2018-07-12] liblouis 3.6.0-2 MIGRATED to testing (Debian testing watch)
[2018-07-07] Accepted liblouis 3.6.0-2 (source) into unstable (Samuel Thibault)
[2018-07-02] Accepted liblouis 3.6.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)
[2018-06-17] Accepted liblouis 3.0.0-3+deb9u4 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Samuel Thibault)
[2018-06-14] liblouis 3.5.0-4 MIGRATED to testing (Debian testing watch)
[2018-06-11] Accepted liblouis 3.5.0-4 (source amd64 all) into unstable (Samuel Thibault)
[2018-06-10] liblouis 3.5.0-3 MIGRATED to testing (Debian testing watch)
[2018-06-04] Accepted liblouis 3.5.0-3 (source amd64 all) into unstable (Samuel Thibault)
[2018-05-28] Accepted liblouis 3.0.0-3+deb9u2 (source) into proposed-updates->stable-new, proposed-updates (Samuel Thibault)
[2018-05-27] liblouis 3.5.0-2 MIGRATED to testing (Debian testing watch)
[2018-05-25] Accepted liblouis 3.5.0-2 (source) into unstable (Samuel Thibault)
[2018-03-17] liblouis 3.5.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-17] liblouis 3.5.0-1 MIGRATED to testing (Debian testing watch)
[2018-03-11] Accepted liblouis 3.5.0-1 (source) into unstable (Samuel Thibault)
[2018-02-20] liblouis 3.4.1-1 MIGRATED to testing (Debian testing watch)
[2018-02-14] Accepted liblouis 3.4.1-1 (source) into unstable (Samuel Thibault)
[2017-11-19] Accepted liblouis 2.5.3-3+deb8u1 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Samuel Thibault)
[2017-10-08] Accepted liblouis 3.0.0-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Samuel Thibault)
[2017-09-20] liblouis 3.3.0-1 MIGRATED to testing (Debian testing watch)
[2017-09-14] Accepted liblouis 3.3.0-1 (source amd64 all) into unstable, unstable (Samuel Thibault)
[2016-09-19] liblouis 3.0.0-3 MIGRATED to testing (Debian testing watch)
[2016-09-13] Accepted liblouis 3.0.0-3 (source amd64 all) into unstable (Samuel Thibault)
[2016-09-10] Accepted liblouis 3.0.0-2 (source amd64 all) into experimental (Samuel Thibault)
[2016-09-07] Accepted liblouis 3.0.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)
[2016-07-20] liblouis 2.6.5-1 MIGRATED to testing (Debian testing watch)
[2016-07-15] Accepted liblouis 2.6.5-1 (source amd64 all) into unstable, unstable (Samuel Thibault)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 0
F&P: 1
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.7.0-1
9 bugs