Your message dated Tue, 20 Jul 2021 22:18:31 +0000
with message-id <e1m5y4n-0006re...@fasolo.debian.org>
and subject line Bug#991307: fixed in aspell 0.60.8-3
has caused the Debian Bug report #991307,
regarding aspell: CVE-2019-25051
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: aspell
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for aspell.

CVE-2019-25051[0]:
| objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in
| acommon::ObjStack::dup_top (called from acommon::StringMap::add and
| acommon::Config::lookup_list).

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462

Patch:
https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25051
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: aspell
Source-Version: 0.60.8-3
Done: Agustin Martin Domingo <agmar...@debian.org>

We believe that the bug you reported is fixed in the latest version of
aspell, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Agustin Martin Domingo <agmar...@debian.org> (supplier of updated aspell package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Tue, 20 Jul 2021 23:42:34 +0200
Source: aspell
Architecture: source
Version: 0.60.8-3
Distribution: unstable
Urgency: medium
Maintainer: Agustin Martin Domingo <agmar...@debian.org>
Changed-By: Agustin Martin Domingo <agmar...@debian.org>
Closes: 991307
Changes:
 aspell (0.60.8-3) unstable; urgency=medium
 .
   * 000-objstack-assert-that-the-alloc-size-will-fit-within-.patch:
     Fix CVE-2019-25051: objstack in GNU Aspell 0.60.8 has a heap-based
     buffer overflow (Closes: #991307).


--- End Message ---
