Debian alert DLA-1966-1 (aspell)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1966-1] aspell security update | |
| Date: | Sat, 19 Oct 2019 21:13:20 +0200 | |
| Message-ID: | <8613e552-ce8c-fee5-886b-9fefdda630d4@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : aspell Version : 0.60.7~20110707-1.3+deb8u1 CVE ID : CVE-2019-17544 It was discovered that Aspell, the GNU spell checker, incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. For Debian 8 "Jessie", this problem has been fixed in version 0.60.7~20110707-1.3+deb8u1. We recommend that you upgrade your aspell packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2rYFBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQ9sQ/8CN8M1V4sqCU6RrbndXLUkme8+oBuGW7WN3NKnADXMgsdqwUIys0x7oJN 7is7sQFlDlJgHYHzQeuWddkL2nqpKFaxm0npKdhzFtDlkDNYn7WffYY7s7l/izBe F4TxidCA+ROQI6JVKPR3J6apzkDnj5xNXkdvIysWZHAYtGFnIbdFKl6hAA4sMnDv INzo0JFRKf+RAZWr5kvr3MZpB0ytVFa8hqpL7y7OzpeDT5OPmtF+q/GbXf05ERn7 NAo2Iwbfkh3/2htXBp/T/hxPWBbZ0/J55epusuZewQriXO0TFsbppgIjkyBu8duM NQFlJXurV/qmHV3NqzFerxTX/1sZCgYNRfrc40PJ0dbEv4VV7qEWi7SAYa/YTc5I IP/SajG+U8dgFqklovCYf1v+oNdF/3BK8tSnX2nuy9RK70gY5VSm1zSOOwt1tbzw y/j3rn9zkuMxI5tJHqYXntwP0Ql4gVhb4ugfB73YfnGDZo1CELDJRxyHjnuxnTc7 Bsv2HU8BeQ5UjR8nyJheTG4Iztr2CqfUtM66v/HqA8uXLgan+Vlq5/LeKTK2CCOC F7Lyh+yeRbSuHkDWmCHlBk1fxiR6ZPHT7yYQoUQzL8FvlsfOS01FlpNoykzNbwcG BRaRqEseJQindgl/0yAla2Ospn5U9f20BO76/0kZxxOHGDmKsZQ= =U09c -----END PGP SIGNATURE-----