-
fribidi (1.0.8-2ubuntu0.1) focal-security; urgency=medium
  * SECURITY UPDATE: Incorrect length checking in processing of line input
    could result in a stack buffer overflow, resulting in a crash or potential
    code execution.
    - debian/patches/CVE-2022-25308.patch: add checking to length of string
      buffer before processing in bin/fribidi-main.c
    - CVE-2022-25308
  * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
    encoder could result in a heap buffer overflow, resulting in a crash or
    potential code execution.
    - debian/patches/CVE-2022-25309.patch: add checking and removal of
      dangerous characters before encoding stage, in
      lib/fribidi-char-sets-cap-rtl.c
    - CVE-2022-25309
  * SECURITY UPDATE: Incorrect handling of string pointer can result in a
    crash in fribidi_remove_bidi_marks().
    - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to avoid
      potential use-after-free in lib/fribidi.c
    - CVE-2022-25310
-- Ray Veldkamp <email address hidden> Wed, 06 Apr 2022 15:13:58 +1000
-
fribidi (1.0.8-2) unstable; urgency=medium
  * Add revert_log2vis_get_embedding_levels.diff patch to revert back
    fribidi_log2vis_get_embedding_levels function.
    It seems to be removed by mistake by upstream, since its documentation is
    still there (Closes: #947081)
  * Revert last update to symbols file
-- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden> Sat, 21 Dec 2019 03:11:40 +0100
-
fribidi (1.0.8-1) unstable; urgency=medium
  * New upstream version 1.0.8
  * Add Rules-Requires-Root=no
  * Set debhelper-compat in build deps
  * Refresh manpages.diff patch.
    Dropped Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff,
    applied upstream
  * Update symbols file
-- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden> Thu, 19 Dec 2019 21:07:01 +0100
-
fribidi (1.0.7-1.1) unstable; urgency=high
  * Non-maintainer upload.
  * Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL (CVE-2019-18397)
    (Closes: #944327)
-- Salvatore Bonaccorso <email address hidden> Fri, 08 Nov 2019 13:36:50 +0100
-
fribidi (1.0.7-1) unstable; urgency=medium
  * Imported Upstream version 1.0.7
  * Drop no-config-h.diff patch, applied upstream
  * Update standards version to 4.4.1
  * Bumped compat level to 12
  * Update copyright years
-- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden> Thu, 03 Oct 2019 06:03:43 +0200
-
fribidi (1.0.5-3.1) unstable; urgency=medium
  * Non-maintainer upload from the Venlo BSP.
  [ Ondřej Nový ]
  * d/copyright: Change Format URL to correct one
  [ Hugh McMaster ]
  * debian/control: Mark libfribidi-dev Multi-Arch: same (Closes: #907792).
  * libfribidi0-udeb: Install the shared library files into a multi-arch libdir
    (thanks to Samuel Thibault for supplying a patch) (Closes: #917909).
-- Christoph Berg <email address hidden> Sat, 12 Jan 2019 13:33:35 +0100