Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | aspell: CVE-2019-20433 | Stefan Ghinea | 2020-03-19 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. References: https://nvd.nist.gov/vuln/detail/CVE-2019-20433 Upstream patches: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc (From OE-Core rev: 07dc85604baf696cccf784c909dbad67275ad7b3) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
* | aspell: fix CVE-2019-17544 | Trevor Gamblin | 2019-10-29 | 1 | -1/+3 |
| | | | | | | | | | | Backport CVE-2019-17544 fix to zeus. (From OE-Core rev: 7ed241ff1f93c623a3b3030249c09f7c3c429a46) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
* | aspell: update to 0.60.7 | Oleksandr Kravchuk | 2019-08-12 | 1 | -0/+32 |
Removed patch was upstreamed. (From OE-Core rev: 78189e465f5b7afa756fe20de024c83b3d5ea9a5) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |