Register | Log in

liblouis

Choose email to subscribe with

general

source: liblouis (main)
version: 3.12.0-3
maintainer: Debian Accessibility Team (archive) (DMD)
uploaders: Cyril Brulebois [DMD] – Samuel Thibault [DMD]
arch: all any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.5.3-3+deb8u1
oldstable: 3.0.0-3+deb9u4
stable: 3.8.0-2
testing: 3.12.0-3
unstable: 3.12.0-3

versioned links

2.5.3-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.0-3+deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.8.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.12.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liblouis-bin
liblouis-data
liblouis-dev
liblouis20
python3-louis

action needed

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 3.12.0-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 085760b9ac75789b107259b619dbcab650495f52
Merge: ccfe39d f100224
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date:   Mon Jan 27 21:03:08 2020 +0000

    Merge branch 'lintian-fixes' into 'master'
    
    Fix some issues reported by lintian
    
    See merge request a11y-team/liblouis!2

commit f1002245090f709e485d7250bce279af6fd0b058
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Thu Jan 23 08:38:34 2020 +0000

    Set upstream metadata fields: Bug-Submit, Repository, Repository-Browse.

Created: 2020-01-27 Last update: 2020-02-14 20:06

14 ignored security issues in jessie low

There are 14 open security issues in jessie.

14 issues skipped by the security teams:

CVE-2018-11685: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
CVE-2018-11440: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2017-13741: There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.
CVE-2017-13740: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.
CVE-2017-13743: There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.
CVE-2017-13742: There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.
CVE-2018-11577: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVE-2017-13744: There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
CVE-2018-12085: Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2018-17294: The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.
CVE-2018-11684: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
CVE-2017-13738: There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
CVE-2017-13739: There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.
CVE-2018-11683: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

Please fix them.

Created: 2017-08-29 Last update: 2020-01-22 09:01

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2018-17294: The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.

Please fix it.

Created: 2018-09-21 Last update: 2020-01-22 09:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-01-21 05:06

news

[2020-01-22] liblouis 3.12.0-3 MIGRATED to testing (Debian testing watch)
[2020-01-19] Accepted liblouis 3.12.0-3 (source) into unstable (Samuel Thibault)
[2019-12-09] liblouis 3.12.0-2 MIGRATED to testing (Debian testing watch)
[2019-12-06] Accepted liblouis 3.12.0-2 (source) into unstable (Samuel Thibault)
[2019-12-06] Accepted liblouis 3.12.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)
[2019-12-06] liblouis 3.11.0-3 MIGRATED to testing (Debian testing watch)
[2019-12-06] liblouis 3.11.0-3 MIGRATED to testing (Debian testing watch)
[2019-12-01] Accepted liblouis 3.11.0-3 (source) into unstable (Samuel Thibault)
[2019-09-27] liblouis 3.11.0-2 MIGRATED to testing (Debian testing watch)
[2019-09-23] Accepted liblouis 3.11.0-2 (source) into unstable (Samuel Thibault)
[2019-09-10] liblouis 3.10.0-4 MIGRATED to testing (Debian testing watch)
[2019-09-07] Accepted liblouis 3.10.0-4 (source) into unstable (Samuel Thibault)
[2019-09-04] Accepted liblouis 3.11.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)
[2019-09-03] liblouis 3.10.0-3 MIGRATED to testing (Debian testing watch)
[2019-08-31] Accepted liblouis 3.10.0-3 (source) into unstable (Samuel Thibault)
[2019-08-31] Accepted liblouis 3.10.0-2 (source) into unstable (Samuel Thibault)
[2019-07-28] liblouis 3.10.0-1 MIGRATED to testing (Debian testing watch)
[2019-07-25] Accepted liblouis 3.10.0-1 (source) into unstable (Samuel Thibault)
[2019-07-09] liblouis 3.9.0-1 MIGRATED to testing (Debian testing watch)
[2019-03-29] Accepted liblouis 3.9.0-1 (source) into unstable (Samuel Thibault)
[2019-01-06] liblouis 3.8.0-2 MIGRATED to testing (Debian testing watch)
[2019-01-04] Accepted liblouis 3.8.0-2 (source) into unstable (Samuel Thibault)
[2019-01-04] Accepted liblouis 3.8.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)
[2018-09-17] liblouis 3.7.0-1 MIGRATED to testing (Debian testing watch)
[2018-09-15] Accepted liblouis 3.7.0-1 (source) into unstable (Samuel Thibault)
[2018-08-20] liblouis 3.6.0-3 MIGRATED to testing (Debian testing watch)
[2018-08-17] Accepted liblouis 3.6.0-3 (source) into unstable (Samuel Thibault)
[2018-07-12] liblouis 3.6.0-2 MIGRATED to testing (Debian testing watch)
[2018-07-07] Accepted liblouis 3.6.0-2 (source) into unstable (Samuel Thibault)
[2018-07-02] Accepted liblouis 3.6.0-1 (source amd64 all) into experimental, experimental (Samuel Thibault)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.12.0-3
9 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing