-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jul 2021 19:03:02 +0200 Source: aspell Binary: aspell aspell-dbgsym libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev Architecture: mips64el Version: 0.60.7~20110707-6+deb10u1 Distribution: buster-security Urgency: high Maintainer: mips64el Build Daemon (mipsel-osuosl-01) Changed-By: Thorsten Alteholz Description: aspell - GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Closes: 991307 Changes: aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow Checksums-Sha1: 5df14c4d320e76181d202410c83f9aecfefd9039 563384 aspell-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb 43f8f6d5a43f216c98482eea05604e39aed7e1ca 7426 aspell_0.60.7~20110707-6+deb10u1_mips64el-buildd.buildinfo 5ad3dc071d6217f40c600dda98bcd877af34def7 222940 aspell_0.60.7~20110707-6+deb10u1_mips64el.deb f10192d4a01a0f7b9c0cd9d13da8d0269304994d 32868 libaspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb 2fa1167e6d0b2e7de4d6446d6f4dc760e2a468e2 2827216 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb 946c244cc20442ac1454bf69c72ce746ac2c09b6 284456 libaspell15_0.60.7~20110707-6+deb10u1_mips64el.deb 754675f206a50054c9945cb6648dc540e1191887 29956 libpspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb Checksums-Sha256: 2c7a94d68d92db364ae10000e886f550901bf6bd616bb60eae5d9ca409e1a1a7 563384 aspell-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb af63087352e9ada0caef0ecb3980007237433bf61a11be93cf29180fb83ab83f 7426 aspell_0.60.7~20110707-6+deb10u1_mips64el-buildd.buildinfo 18b483b0447a12b8df6e541f6fd8098dcd9a35ae67f1bf0ebb9869857d2b7363 222940 aspell_0.60.7~20110707-6+deb10u1_mips64el.deb 224b018e1b012c242bbcff9a8b037a2fe7ec39b509f20231679aa8ecb2f6a6a5 32868 libaspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb 82226a1e00eeb9cae39f9119d41faf14cf9db0d2994e753cc157d411306fd111 2827216 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb a4737e9bc6ce2572b86b0be3f2f222fb17598ced322423633db97d60a924e0e8 284456 libaspell15_0.60.7~20110707-6+deb10u1_mips64el.deb 6fcd4a3f266460e274a2c25ccabe47752d0175db900563c0d9ae9f4001326bba 29956 libpspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb Files: 535b9815c00a2d9193a8217ef5baf5d0 563384 debug optional aspell-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb bb6ab7e00593b0e14af96e5fef6e6784 7426 text optional aspell_0.60.7~20110707-6+deb10u1_mips64el-buildd.buildinfo 35f4ddbfbe2af895b2482c2b03e8ffb7 222940 text optional aspell_0.60.7~20110707-6+deb10u1_mips64el.deb 8f06ff8150b5658172e54c0d7829bc49 32868 libdevel optional libaspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb e38166d541b2d506c5d739add2e05881 2827216 debug optional libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_mips64el.deb 2698623f02bd933bd17e4d6e3ae0f174 284456 libs optional libaspell15_0.60.7~20110707-6+deb10u1_mips64el.deb 600f25364639757dea759782a2b7853b 29956 libdevel optional libpspell-dev_0.60.7~20110707-6+deb10u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEryjdUbSLrF4i3+FR9bfvoVMWRlwFAmEEjE8ACgkQ9bfvoVMW Rlw+VRAAoddhJIa6AH1l2V0XPhVIOdfRJUdAQXO4v3meWIxLqG0qCdfNz9W97f3z /bP9fJwB5vXooUkPWSET89RdsalknQI3Dv1+Qjq4iFWEd3Q3DAxv7JN+1hy+R0xx PUCoYBFtuVC71ySRrFLD1vmm5fOFP47RCp5Q6RX+JOHMLk3zmiEtzRUnT9uTvi7t u1nYDuC7AuIgwdIGqPzxSpfe5ZfNeeRX/Lo02nZFDKyyLj5gdoezf/qHuTLQ9eK1 yEDH3tNIkO4VB870hA0H5/KTV8pUek+sX5hm1xyP5npP3dPd/LUOfkYLENcHcPzt CmrsQR3Tg2l2Jb/qEvkr6ShJWvJA30k2HCIgHyGBU3bXVC6/wSF9aWIWdE/lZW3G Fq0evO1Pa0p0arQzLt5HdAyiMrBfZGXgXoBoeYymqCrpd0wKMIrI5kMBbpr7QbCQ e0PHWuphgX32v2X0aw9oQZA6foTdZeM7cQMqWFy/0DieuxanYsd6Pfglep94LAYv uehVot+JLA40WYl09N0joo0lEx6Y3ySlMRNSBcy7M50N0aiw1jAUGoexUKlVLfJZ jV7puYWKmyfLr+20ps+0hn8di5yr8x4nUosZN/NYl5yDJ6aQdwtxZGjubMQ27G62 Z04E2oPcmmdL5SQbykwUo3yKIEr0wb9qrgZCXUFf/VktwPl7slU= =eKZz -----END PGP SIGNATURE-----