Updated lout packages fix security vulnerabilities
Publication date: 10 Nov 2020Modification date: 10 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19917 , CVE-2019-19918
Description
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. (CVE-2019-19917) Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. (CVE-2019-19918)
References
- https://bugs.mageia.org/show_bug.cgi?id=27492
- https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19918
SRPMS
7/core
- lout-3.40-9.1.mga7