Ubuntu
fribidi package

fribidi 1.0.8-2ubuntu2.1 source package in Ubuntu

Changelog

fribidi (1.0.8-2ubuntu2.1) impish-security; urgency=medium

  * SECURITY UPDATE: Incorrect length checking in processing of line input
    could result in a stack buffer overflow, resulting in a crash or potential
    code execution.
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - CVE-2022-25308

  * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
    encoder could result in a heap buffer overflow, resulting in a crash or
    potential code execution.
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - CVE-2022-25309

  * SECURITY UPDATE: Incorrect handling of string pointer can result in a
    crash in fribidi_remove_bidi_marks().
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to avoid
      potential use-after-free in lib/fribidi.c
    - CVE-2022-25310

 -- Ray Veldkamp <email address hidden>  Wed, 06 Apr 2022 15:07:20 +1000

Upload details

Uploaded by:
Ray Veldkamp
Uploaded to:
Impish
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
fribidi_1.0.8.orig.tar.bz2 2.0 MiB 94c7b68d86ad2a9613b4dcffe7bbeb03523d63b5b37918bdf2e4ef34195c1e6c
fribidi_1.0.8-2ubuntu2.1.debian.tar.xz 10.6 KiB d6a75c02cd9609e4f83f89e77094337fff2b40594f03f38ecbb12bcff2f0f7c6
fribidi_1.0.8-2ubuntu2.1.dsc 2.4 KiB 239b180e2dd9b0c68f6c240f4e44ceedf9e242994e375e20717b0860e7625416

View changes file

Binary packages built by this source

libfribidi-bin: No summary available for libfribidi-bin in ubuntu impish.

No description available for libfribidi-bin in ubuntu impish.

libfribidi-bin-dbgsym: No summary available for libfribidi-bin-dbgsym in ubuntu impish.

No description available for libfribidi-bin-dbgsym in ubuntu impish.

libfribidi-dev: No summary available for libfribidi-dev in ubuntu impish.

No description available for libfribidi-dev in ubuntu impish.

libfribidi0: No summary available for libfribidi0 in ubuntu impish.

No description available for libfribidi0 in ubuntu impish.

libfribidi0-dbgsym: No summary available for libfribidi0-dbgsym in ubuntu impish.

No description available for libfribidi0-dbgsym in ubuntu impish.