Copied from ubuntu kinetic in Primary Archive for Ubuntu
Changelog
fribidi (1.0.8-2.1ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Make autopkgtests cross-test-friendly.
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
      to avoid potential use-after-free in lib/fribidi.c

fribidi (1.0.8-2.1) unstable; urgency=medium

  * Non-maintainer upload by the LTS Team.
  * CVE-2022-25308
    stack-buffer-overflow issue in main()
  * CVE-2022-25309
    heap-buffer-overflow issue in fribidi_cap_rtl_to_unicode()
  * CVE-2022-25310
    SEGV issue in fribidi_remove_bidi_marks()
    (Closes: #1008793)

 -- Steve Langasek <email address hidden>  Tue, 16 Aug 2022 08:17:22 -0700