[OE-core] [PATCH] [zeus] aspell: CVE-2019-20433

Mikko.Rapeli at bmw.de
Thu Mar 12 12:34:19 UTC 2020


On Thu, Mar 12, 2020 at 12:25:21PM +0000, Mittal, Anuj wrote:
> It looks like this is changing the API. I wonder if this would need any
> other change or break something elsewhere in OE-core, meta-oe?
> 
> http://aspell.net/buffer-overread-ucs.txt

Debian classified the issues as minor and fixed them only by updating
to 0.60.8:

https://security-tracker.debian.org/tracker/CVE-2019-20433

https://metadata.ftp-master.debian.org/changelogs//main/a/aspell/aspell_0.60.8-1_changelog

Maybe whitelist for stable branches and update to new version on master?

Cheers,

-Mikko

