Package aspell updated to version 0.60.8-alt1 for branch p9 in task 261825.

Published: 2019-10-13

BDU:2020-01343

Уязвимость компонента libaspell.a программы проверки орфографии GNU Aspell, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

References:

CVE-2019-17544

Published: 2020-01-27

BDU:2020-02855

Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: CRITICAL (9.4) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

References:

CVE-2019-20433

Published: 2019-10-14
Modified: 2024-11-21

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Published: 2020-01-27
Modified: 2024-11-21

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References:

Собрать свежую версию

Version: 2.1.2

Package aspell update in p9 on 2020-11-20

ALT-PU-2020-3380-1

Closed vulnerabilities

BDU:2020-01343

BDU:2020-02855

CVE-2019-17544

CVE-2019-20433

Closed bugs

Bug #39290