ALT-BU-2022-5042-1
Branch c9f2 update bulletin.
Closed vulnerabilities
Modified: 2024-09-16
BDU:2015-02023
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-12
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html
- http://www.debian.org/security/2014/dsa-2892
- http://www.securityfocus.com/bid/66660
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
- https://security.gentoo.org/glsa/201701-67
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00021.html
- http://www.debian.org/security/2014/dsa-2892
- http://www.securityfocus.com/bid/66660
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
- https://security.gentoo.org/glsa/201701-67
Modified: 2025-04-20
CVE-2015-8107
Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.
Closed vulnerabilities
Modified: 2025-04-03
CVE-2005-2536
pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.
- http://secunia.com/advisories/16183/
- http://secunia.com/advisories/16305
- http://secunia.com/advisories/16624
- http://www.debian.org/security/2005/dsa-792
- http://www.gentoo.org/security/en/glsa/glsa-200507-29.xml
- http://www.securityfocus.com/bid/14378
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21498
- http://secunia.com/advisories/16183/
- http://secunia.com/advisories/16305
- http://secunia.com/advisories/16624
- http://www.debian.org/security/2005/dsa-792
- http://www.gentoo.org/security/en/glsa/glsa-200507-29.xml
- http://www.securityfocus.com/bid/14378
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21498
Modified: 2025-04-09
CVE-2006-5869
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356988
- http://secunia.com/advisories/20012
- http://secunia.com/advisories/23135
- http://www.debian.org/security/2006/dsa-1220
- http://www.securityfocus.com/bid/17897
- http://www.securityfocus.com/bid/21299
- http://www.vupen.com/english/advisories/2006/1707
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356988
- http://secunia.com/advisories/20012
- http://secunia.com/advisories/23135
- http://www.debian.org/security/2006/dsa-1220
- http://www.securityfocus.com/bid/17897
- http://www.securityfocus.com/bid/21299
- http://www.vupen.com/english/advisories/2006/1707
Closed vulnerabilities
Modified: 2025-04-20
CVE-2017-9430
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
- https://cxsecurity.com/issue/WLB-2017060030
- https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
- https://www.exploit-db.com/exploits/42115/
- https://www.exploit-db.com/exploits/42424/
- https://cxsecurity.com/issue/WLB-2017060030
- https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
- https://www.exploit-db.com/exploits/42115/
- https://www.exploit-db.com/exploits/42424/
Closed vulnerabilities
Modified: 2024-07-05
BDU:2015-02170
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06275
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06276
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06417
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06563
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06564
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06565
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06566
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06567
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06568
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-09-16
BDU:2015-06569
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06570
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06571
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-06572
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08613
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08614
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08615
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08616
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08617
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08618
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08619
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-09-16
BDU:2015-08620
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2016-11-28
BDU:2015-08621
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-09-16
BDU:2015-08622
Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-11
CVE-2010-2642
Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.
- http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
- http://lists.mandriva.com/security-announce/2011-01/msg00006.php
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/42769
- http://secunia.com/advisories/42821
- http://secunia.com/advisories/42847
- http://secunia.com/advisories/42872
- http://www.debian.org/security/2011/dsa-2357
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.redhat.com/support/errata/RHSA-2011-0009.html
- http://www.securityfocus.com/bid/45678
- http://www.securitytracker.com/id?1024937
- http://www.ubuntu.com/usn/USN-1035-1
- http://www.vupen.com/english/advisories/2011/0029
- http://www.vupen.com/english/advisories/2011/0043
- http://www.vupen.com/english/advisories/2011/0056
- http://www.vupen.com/english/advisories/2011/0097
- http://www.vupen.com/english/advisories/2011/0102
- http://www.vupen.com/english/advisories/2011/0193
- http://www.vupen.com/english/advisories/2011/0194
- https://bugzilla.redhat.com/show_bug.cgi?id=666318
- https://security.gentoo.org/glsa/201701-57
- http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052910.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052995.html
- http://lists.mandriva.com/security-announce/2011-01/msg00006.php
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/42769
- http://secunia.com/advisories/42821
- http://secunia.com/advisories/42847
- http://secunia.com/advisories/42872
- http://www.debian.org/security/2011/dsa-2357
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:016
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:017
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.redhat.com/support/errata/RHSA-2011-0009.html
- http://www.securityfocus.com/bid/45678
- http://www.securitytracker.com/id?1024937
- http://www.ubuntu.com/usn/USN-1035-1
- http://www.vupen.com/english/advisories/2011/0029
- http://www.vupen.com/english/advisories/2011/0043
- http://www.vupen.com/english/advisories/2011/0056
- http://www.vupen.com/english/advisories/2011/0097
- http://www.vupen.com/english/advisories/2011/0102
- http://www.vupen.com/english/advisories/2011/0193
- http://www.vupen.com/english/advisories/2011/0194
- https://bugzilla.redhat.com/show_bug.cgi?id=666318
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-0433
Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/48985
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
- https://bugzilla.gnome.org/show_bug.cgi?id=640923
- https://bugzilla.redhat.com/show_bug.cgi?id=679732
- https://security.gentoo.org/glsa/201701-57
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/48985
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/
- https://bugzilla.gnome.org/show_bug.cgi?id=640923
- https://bugzilla.redhat.com/show_bug.cgi?id=679732
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-0764
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/47347
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.securityfocus.com/bid/46941
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.ubuntu.com/usn/USN-1316-1
- http://www.vupen.com/english/advisories/2011/0728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
- https://security.gentoo.org/glsa/201701-57
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/47347
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:002
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.securityfocus.com/bid/46941
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.ubuntu.com/usn/USN-1316-1
- http://www.vupen.com/english/advisories/2011/0728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66208
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-1552
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-1553
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-1554
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://secunia.com/advisories/43823
- http://secunia.com/advisories/48985
- http://securityreason.com/securityalert/8171
- http://securitytracker.com/id?1025266
- http://www.foolabs.com/xpdf/download.html
- http://www.kb.cert.org/vuls/id/376500
- http://www.kb.cert.org/vuls/id/MAPG-8ECL8X
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://www.securityfocus.com/archive/1/517205/100/0/threaded
- http://www.toucan-system.com/advisories/tssa-2011-01.txt
- http://www.vupen.com/english/advisories/2011/0728
- https://security.gentoo.org/glsa/201701-57
Modified: 2025-04-11
CVE-2011-5244
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
- http://git.gnome.org/browse/evince/commit/?id=439c5070022e
- http://git.gnome.org/browse/evince/commit/?id=d4139205b010
- http://www.openwall.com/lists/oss-security/2011/03/04/21
- https://bugzilla.gnome.org/show_bug.cgi?id=643882
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80271
- https://security.gentoo.org/glsa/201701-57
- http://git.gnome.org/browse/evince/commit/?id=439c5070022e
- http://git.gnome.org/browse/evince/commit/?id=d4139205b010
- http://www.openwall.com/lists/oss-security/2011/03/04/21
- https://bugzilla.gnome.org/show_bug.cgi?id=643882
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80271
- https://security.gentoo.org/glsa/201701-57
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-19917
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
Modified: 2024-11-21
CVE-2019-19918
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html