Your message dated Thu, 05 Aug 2021 19:52:52 +0000
with message-id <e1mbjqc-0002nf...@fasolo.debian.org>
and subject line Bug#991307: fixed in aspell 0.60.7~20110707-6+deb10u1
has caused the Debian Bug report #991307,
regarding aspell: CVE-2019-25051
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991307: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: aspell
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for aspell.

CVE-2019-25051[0]:
| objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in
| acommon::ObjStack::dup_top (called from acommon::StringMap::add and
| acommon::Config::lookup_list).

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462

Patch:
https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25051
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: aspell
Source-Version: 0.60.7~20110707-6+deb10u1
Done: Thorsten Alteholz <deb...@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
aspell, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated aspell package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 24 Jul 2021 19:03:02 +0200
Source: aspell
Binary: aspell aspell-dbgsym aspell-doc libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev
Architecture: source amd64 all
Version: 0.60.7~20110707-6+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Agustin Martin Domingo <agmar...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
 aspell     - GNU Aspell spell-checker
 aspell-doc - Documentation for GNU Aspell spell-checker
 libaspell-dev - Development files for applications with GNU Aspell support
 libaspell15 - GNU Aspell spell-checker runtime library
 libpspell-dev - Development files for applications with pspell support
Closes: 991307
Changes:
 aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-17544
     It was discovered that Aspell incorrectly handled certain inputs which
     leads to a stack-based buffer over-read.
     An attacker could potentially access sensitive information.
 .
   [ Agustin Martin Domingo ]
   * CVE-2019-25051 (Closes: #991307)
     objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow

--- End Message ---
