Bug#941185: hunspell: CVE-2019-16707
Hi Rene, On Sat, Sep 28, 2019 at 01:58:21PM +0200, Rene Engelhard wrote: > forwarded 941185 https://github.com/hunspell/hunspell/issues/624 > thanks > > Hi, > > On Thu, Sep 26, 2019 at 06:37:42AM +0200, Salvatore Bonaccorso wrote: > > CVE-2019-16707[0]: > > | Hunspell 1.7.0 has an invalid read operation in > > | SuggestMgr::leftcommonsubstring in suggestmgr.cxx. > > [1] https://github.com/butterflyhack/hunspell-crash > > Looks like https://github.com/hunspell/hunspell/issues/624 Ack, thank you for checking. Regards, Salvatore
Bug#941185: hunspell: CVE-2019-16707
forwarded 941185 https://github.com/hunspell/hunspell/issues/624 thanks Hi, On Thu, Sep 26, 2019 at 06:37:42AM +0200, Salvatore Bonaccorso wrote: > CVE-2019-16707[0]: > | Hunspell 1.7.0 has an invalid read operation in > | SuggestMgr::leftcommonsubstring in suggestmgr.cxx. > [1] https://github.com/butterflyhack/hunspell-crash Looks like https://github.com/hunspell/hunspell/issues/624 Regards, Rene >
Bug#941185: hunspell: CVE-2019-16707
Source: hunspell Version: 1.7.0-2 Severity: normal Tags: security upstream Hi, The following vulnerability was published for hunspell. This is not really a big issue, and negligigle in security tracking context, but as it seems to have been reported just as crash in [1] it might be worth reporting it up to upstream. CVE-2019-16707[0]: | Hunspell 1.7.0 has an invalid read operation in | SuggestMgr::leftcommonsubstring in suggestmgr.cxx. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-16707 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16707 [1] https://github.com/butterflyhack/hunspell-crash Please adjust the affected versions in the BTS as needed. Regards, Salvatore Init: sysvinit (via /sbin/init)