UbuntuUpdates.org

Package "fribidi"

Name: fribidi

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Free Implementation of the Unicode BiDi algorithm (utility)

Latest version: 1.0.8-2ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: universe

Other versions of "fribidi" in Focal

Repository Area Version
base main 1.0.8-2
base universe 1.0.8-2
security main 1.0.8-2ubuntu0.1
security universe 1.0.8-2ubuntu0.1
updates main 1.0.8-2ubuntu0.1

Changelog

Version: 1.0.8-2ubuntu0.1 2022-04-06 13:06:23 UTC

  fribidi (1.0.8-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect length checking in processing of line input
    could result in a stack buffer overflow, resulting in a crash or potential
    code execution.
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - CVE-2022-25308

  * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
    encoder could result in a heap buffer overflow, resulting in a crash or
    potential code execution.
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - CVE-2022-25309

  * SECURITY UPDATE: Incorrect handling of string pointer can result in a
    crash in fribidi_remove_bidi_marks().
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to avoid
      potential use-after-free in lib/fribidi.c
    - CVE-2022-25310

 -- Ray Veldkamp <email address hidden> Wed, 06 Apr 2022 15:13:58 +1000



