Fedora alert FEDORA-2018-9a09435935 (liblouis)
From: | updates@fedoraproject.org | |
To: | package-announce@lists.fedoraproject.org | |
Subject: | [SECURITY] Fedora 27 Update: liblouis-2.6.2-13.fc27 | |
Date: | Sun, 7 Oct 2018 21:12:32 +0000 (UTC) | |
Message-ID: | <20181007211232.59CE96042D39@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-9a09435935 2018-10-07 21:10:49.841450 -------------------------------------------------------------------------------- Name : liblouis Product : Fedora 27 Version : 2.6.2 Release : 13.fc27 URL : http://liblouis.org Summary : Braille translation and back-translation library Description : Liblouis is an open-source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule- or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg). Liblouis has features to support screen-reading programs. This has led to its use in two open-source screen readers, NVDA and Orca. It is also used in some commercial assistive technology applications for example by ViewPlus. Liblouis is based on the translation routines in the BRLTTY screen reader for Linux. It has, however, gone far beyond these routines. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2018-17294 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 26 2018 Martin Gieseking <martin.gieseking@uos.de> - 2.6.2-13 - Added patch to fix CVE-2018-11683. * Fri Nov 3 2017 Martin Gieseking <martin.gieseking@uos.de> - 2.6.2-12 - Applied security fixes from EL 7.4 (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744) - Dropped redundant parts of the spec file. - Updated URL. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1632834 - CVE-2018-17294 liblouis: Stack-based buffer over-read in matchCurrentInput function lou_translateString.c https://bugzilla.redhat.com/show_bug.cgi?id=1632834 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-9a09435935' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann...