Debian Patches

Status for fribidi/1.0.8-2.1

Patch	Description	Author	Forwarded	Bugs	Origin	Last update
revert_log2vis_get_embedding_levels.diff	Revert back fribidi_log2vis_get_embedding_levels function It seems to be removed by mistake by upstream, since its documentation is still there ===================================================================	أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>	yes	debian upstream
manpages.diff	emphasize that a hyphen is really needed in "-1" by writing it as \(hy1===================================================================	أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>	yes	upstream
CVE-2022-25308.patch	commit ad3a19e6372b1e667128ed1ea2f49919884587e1 Fix the stack buffer overflow issue strlen() could returns 0. Without a conditional check for len, accessing S_ pointer with len - 1 may causes a stack buffer overflow. AddressSanitizer reports this like: ==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0 43b30 sp 0x7ffdce043b28 READ of size 1 at 0x7ffdce043c1f thread T0 #0 0x403546 in main ../bin/fribidi-main.c:393 #1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f) #2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648) #3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4) Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame #0 0x4022bf in main ../bin/fribidi-main.c:193 This frame has 5 object(s): [32, 36) 'option_index' (line 233) [48, 52) 'base' (line 386) [64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable [65328, 130328) 'outstring' (line 385) [130592, 390592) 'logical' (line 384) This fixes https://github.com/fribidi/fribidi/issues/181 diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c index 3cf9fe1..3ae4fb6 100644	Akira TAGOH <akira@tagoh.org>	no			2022-02-17
CVE-2022-25309.patch	commit f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Protected against garbage in the CapRTL encoder diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c index b0c0e4a..f74e010 100644	Dov Grobgeld <dov.grobgeld@gmail.com>	no			2022-03-25
CVE-2022-25310.patch	commit 175850b03e1af251d705c1d04b2b9b3c1c06e48f Fix SEGV issue in fribidi_remove_bidi_marks Escape from fribidi_remove_bidi_marks() immediately if str is null. This fixes https://github.com/fribidi/fribidi/issues/183 diff --git a/lib/fribidi.c b/lib/fribidi.c index f5da0da..70bdab2 100644	Akira TAGOH <akira@tagoh.org>	no			2022-02-17

All known versions for source package 'fribidi'

1.0.13-3 (sid, trixie)
1.0.8-2.1 (bookworm)
1.0.8-2+deb11u1 (bullseye)

Links