Changelog

fribidi (1.0.8-2.1ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Make autopkgtests cross-test-friendly.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
      to avoid potential use-after-free in lib/fribidi.c

fribidi (1.0.8-2.1) unstable; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2022-25308
    stack-buffer-overflow issue in main()
  * CVE-2022-25309
    heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()
  * CVE-2022-25310
    SEGV issue in fribidi_remove_bidi_marks()
    (Closes: #1008793)

 -- Steve Langasek <email address hidden>  Tue, 16 Aug 2022 08:17:22 -0700
