--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-869cd99560
2020-10-31 02:01:12.817930
--------------------------------------------------------------------------------
Name        : lout
Product     : Fedora 32
Version     : 3.40
Release     : 18.fc32
URL         : http://savannah.nongnu.org/projects/lout/
Summary     : A document formatting system
Description :
Lout is a document formatting system designed and implemented by Jeffrey
Kingston at the Basser Department of Computer Science, University of Sydney,
Australia. The system reads a high-level description of a document similar in
style to LaTeX and produces a PostScript file which can be printed on most
laser printers and graphic display devices. Plain text output is also
available, PDF output is limited but working (e.g. no graphics). Lout is
inherently multilingual. Adding new languages is easy.
--------------------------------------------------------------------------------
Update Information:
Add lout-3.40-cve.patch from
https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html
fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917),
two buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 23 2020 Matěj Cepl mcepl@cepl.eu - 3.40-18
- Add lout-3.40-cve.patch from
  https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html
  fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917),
  two buffer overflows.
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 3.40-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #1787384 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787384
  [ 2 ] Bug #1787385 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787385
  [ 3 ] Bug #1787386 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787386
  [ 4 ] Bug #1787389 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787389
  [ 5 ] Bug #1787390 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787390
  [ 6 ] Bug #1787391 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1787391
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-869cd99560' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------