Change logs for fribidi source package in Focal

  • fribidi (1.0.8-2ubuntu0.1) focal-security; urgency=medium
    
      * SECURITY UPDATE: Incorrect length checking in processing of line input
        could result in a stack buffer overflow, resulting in a crash or potential
        code execution.
        - debian/patches/CVE-2022-25308.patch: add checking to length of string
          buffer before processing in bin/fribidi-main.c
        - CVE-2022-25308
    
      * SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
        encoder could result in a heap buffer overflow, resulting in a crash or
        potential code execution.
        - debian/patches/CVE-2022-25309.patch: add checking and removal of
          dangerous characters before encoding stage, in
          lib/fribidi-char-sets-cap-rtl.c
        - CVE-2022-25309
    
      * SECURITY UPDATE: Incorrect handling of string pointer can result in a
        crash in fribidi_remove_bidi_marks().
        - debian/patches/CVE-2022-25310.patch: add checking for NULL strings, to avoid
          potential use-after-free in lib/fribidi.c
        - CVE-2022-25310
    
     -- Ray Veldkamp <email address hidden>  Wed, 06 Apr 2022 15:13:58 +1000
  • fribidi (1.0.8-2) unstable; urgency=medium
    
      * Add revert_log2vis_get_embedding_levels.diff patch to revert back
        fribidi_log2vis_get_embedding_levels function.
        It seems to be removed by mistake by upstream, since its documentation is
        still there (Closes: #947081)
      * Revert last update to symbols file
    
     -- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden>  Sat, 21 Dec 2019 03:11:40 +0100
  • fribidi (1.0.8-1) unstable; urgency=medium
    
      * New upstream version 1.0.8
      * Add Rules-Requires-Root=no
      * Set debhelper-compat in build deps
      * Refresh manpages.diff patch.
        Dropped Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff,
        applied upstream
      * Update symbols file
    
     -- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden>  Thu, 19 Dec 2019 21:07:01 +0100
  • fribidi (1.0.7-1.1) unstable; urgency=high
    
      * Non-maintainer upload.
      * Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL (CVE-2019-18397)
        (Closes: #944327)
    
     -- Salvatore Bonaccorso <email address hidden>  Fri, 08 Nov 2019 13:36:50 +0100
  • fribidi (1.0.7-1) unstable; urgency=medium
    
      * Imported Upstream version 1.0.7
      * Drop no-config-h.diff patch, applied upstream
      * Update standards version to 4.4.1
      * Bumped compat level to 12
      * Update copyright years
    
     -- أحمد المحمودي (Ahmed El-Mahmoudy) <email address hidden>  Thu, 03 Oct 2019 06:03:43 +0200
  • fribidi (1.0.5-3.1) unstable; urgency=medium
    
      * Non-maintainer upload from the Venlo BSP.
    
      [ Ondřej Nový ]
      * d/copyright: Change Format URL to correct one
    
      [ Hugh McMaster ]
      * debian/control: Mark libfribidi-dev Multi-Arch: same (Closes: #907792).
      * libfribidi0-udeb: Install the shared library files into a multi-arch libdir
        (thanks to Samuel Thibault for supplying a patch) (Closes: #917909).
    
     -- Christoph Berg <email address hidden>  Sat, 12 Jan 2019 13:33:35 +0100