-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jul 2021 19:03:02 +0200 Source: aspell Binary: aspell aspell-dbgsym libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev Architecture: i386 Version: 0.60.7~20110707-6+deb10u1 Distribution: buster-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Thorsten Alteholz Description: aspell - GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Closes: 991307 Changes: aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow Checksums-Sha1: 0fe965cc0eebe1f8b2b40fe94783506564aeb193 524968 aspell-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb ee185abd9dadae988bb31bce522150e428ff2d4c 7455 aspell_0.60.7~20110707-6+deb10u1_i386-buildd.buildinfo bafc381d828ebce303e333bd24a91648c4020903 231532 aspell_0.60.7~20110707-6+deb10u1_i386.deb bea29e6f4cd4a4855f6608c6d85178636f9658f2 32856 libaspell-dev_0.60.7~20110707-6+deb10u1_i386.deb 5941cfb68da0fb59b943e4fe8431dcd2679c5b8b 2636208 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb e7d42e71714b6a36a0aa4d8da0b147e6a51e1cdb 341432 libaspell15_0.60.7~20110707-6+deb10u1_i386.deb d5f3bb4d19db93f4cd9f9f453b973ac9b218e1d6 29944 libpspell-dev_0.60.7~20110707-6+deb10u1_i386.deb Checksums-Sha256: ce3cfe14b53f6613c46a6c8de43ae2faae26733360c614cdb44bce0c25e32f73 524968 aspell-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb 48ec10325c713246f0980e04956dc87b82f25e7a35289a7d47190d97a008b709 7455 aspell_0.60.7~20110707-6+deb10u1_i386-buildd.buildinfo 7f2c0ac6a5d376d5fdecb72e222e299813cbb73e486c272e250c3fadb65a0141 231532 aspell_0.60.7~20110707-6+deb10u1_i386.deb f1ddfa68b525cc9568c3ced4ec5d4ba0c1557b7b7a017a3098506d83fb6cb4bd 32856 libaspell-dev_0.60.7~20110707-6+deb10u1_i386.deb aa14988a3accbed74b200d0973718ea58652f81358b16d87e9260a46706ade13 2636208 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb e896d10aa815d6fe692258bdb5c4c28a1f0d77cf97498197b042d2b27bba95db 341432 libaspell15_0.60.7~20110707-6+deb10u1_i386.deb 4a2c3c8f2ffc45e4869144005b68e9463f3d2dab7599dd0ab9cf4087dd3ad201 29944 libpspell-dev_0.60.7~20110707-6+deb10u1_i386.deb Files: a46c45461b904ec8be62e3a7757efff0 524968 debug optional aspell-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb 46c41f18ddbc3dc39df00481e3ece4b1 7455 text optional aspell_0.60.7~20110707-6+deb10u1_i386-buildd.buildinfo fd5ad95d8c9e974fb2dfbfe2ce47af56 231532 text optional aspell_0.60.7~20110707-6+deb10u1_i386.deb 598e28b27e0379042b7c1ba3a46157de 32856 libdevel optional libaspell-dev_0.60.7~20110707-6+deb10u1_i386.deb b4c14d233e7781e6f8fa8a9ffa8fbe13 2636208 debug optional libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_i386.deb 474c7f9ac84f39f3524cdfee25172faf 341432 libs optional libaspell15_0.60.7~20110707-6+deb10u1_i386.deb 22a6330c1d10a67f07a38f1069b2b993 29944 libdevel optional libpspell-dev_0.60.7~20110707-6+deb10u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgTtIulJqCiUOC8/RqX+JKfZgT24FAmEEis4ACgkQqX+JKfZg T27brw//U+UC41kJehzSW67JR8BM6Gzh2qWKVQSCujOgInPUhYxhDzt0DsKivO/d OSbzOmVMEOUfLd//cK+2tlW8etHPGEkAWBRv2ZYF8Hff3uXhoa+8mKnuzYH5/EC5 t9IXd5fvBmYmpD+X7a7UxWLUXBvjE0AaNWYC2pmhLR9rBZ5j9jnSnOUVub1qXb6e QXg7+HD6i3QSjb+EbfHwF8QO1833KiFXBGanIySn7AlbCAJnDROPmPk9qnU/phGd VJHMPW1KiSw7tyrIoGHFtkvX6h2HflvVdxl8He5E+3/NOAXlR2SylHLHeP0Gry5e 5GbuDR+jbX/2hkrKQCeeYAO1GZHdWQUhLTLnY+7LyjFnTDYtlp3Amldvv8f8oZDy fwhawbVqD9VAeHX2cm2IV68MmQ0siJ4MnqrP/padLW+KZhW4W21XopBv4r2Ifx2H PZIm2CW3gNIaIUOVa6AanMdBshqBbqzqSMHG+c2v7unuVEMiWgOZtcjt+c57F1t3 p4IGTPFkQNBoJAFTjGRX7aZdLgHkdBUzgTyulYfJxUAmPYgjyX9Y1FcoGHTg47yS 6CLO2BOqt8Mj628YX3ppYoq9BmnxnxpDM9HiTJOACS6nPZuavpulYBU70HXocg4a jiMQ3LpOsCQkxt8YTOHS7656x00tQoaWRI/9WcHlWrbl4YiTAF8= =7vXp -----END PGP SIGNATURE-----