Format: 1.8
Date: Tue, 26 Apr 2022 16:01:05 +1000
Source: fribidi
Built-For-Profiles: noudeb
Architecture: source
Version: 1.0.8-2ubuntu3.1
Distribution: jammy-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Ray Veldkamp
Changes:
 fribidi (1.0.8-2ubuntu3.1) jammy-security; urgency=medium
 .
   * SECURITY UPDATE: Incorrect length checking in processing of line input
     could result in a stack buffer overflow, resulting in a crash or
     potential code execution.
     - debian/patches/CVE-2022-25308.patch: add checking to length of string
       buffer before processing in bin/fribidi-main.c
     - CVE-2022-25308
 .
   * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
     encoder could result in a heap buffer overflow, resulting in a crash or
     potential code execution.
     - debian/patches/CVE-2022-25309.patch: add checking and removal of
       dangerous characters before encoding stage, in
       lib/fribidi-char-sets-cap-rtl.c
     - CVE-2022-25309
 .
   * SECURITY UPDATE: Incorrect handling of string pointer can result in a
     crash in fribidi_remove_bidi_marks().
     - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to
       avoid potential use-after-free in lib/fribidi.c
     - CVE-2022-25310
Checksums-Sha1:
 d40b2f16a633ca09360536169541164a8b5e4689 2442 fribidi_1.0.8-2ubuntu3.1.dsc
 b27e32289cb5cf9ba45ed0da6c78d454c82dbf88 10888 fribidi_1.0.8-2ubuntu3.1.debian.tar.xz
 61e8ea6f452e17ff3f7e170ee27f52366c4eb9e3 6423 fribidi_1.0.8-2ubuntu3.1_source.buildinfo
Checksums-Sha256:
 585c32773194a19ab4e64e37e86c2d9627ba1235c496fe07544f8b8f80233160 2442 fribidi_1.0.8-2ubuntu3.1.dsc
 c4a0185e8b55a2520eb98575acdfbb7d42b36a1ad2b22f1c2f308a20ee3466f9 10888 fribidi_1.0.8-2ubuntu3.1.debian.tar.xz
 d71e88bfefa1dafea1a40e56beeb8597407eca83dd3e784ca1443e62d33bc0e0 6423 fribidi_1.0.8-2ubuntu3.1_source.buildinfo
Files:
 072ac785dcf16c46c9cfc932718ca0c7 2442 libs optional fribidi_1.0.8-2ubuntu3.1.dsc
 e318c7ace5126314cb85e4c83b1b2bbd 10888 libs optional fribidi_1.0.8-2ubuntu3.1.debian.tar.xz
 e614116e5aceb943c591492bc0193922 6423 libs optional fribidi_1.0.8-2ubuntu3.1_source.buildinfo
Original-Maintainer: Debian Hebrew Packaging Team