[SECURITY] Fedora 39 Update: espeak-ng-1.51.1-6.fc39

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-5661c87b25 2024-01-10 01:08:15.840276 -------------------------------------------------------------------------------- Name : espeak-ng Product : Fedora 39 Version : 1.51.1 Release : 6.fc39 URL : https://github.com/espeak-ng/espeak-ng Summary : eSpeak NG Text-to-Speech Description : The eSpeak NG (Next Generation) Text-to-Speech program is an open source speech synthesizer that supports over 70 languages. It is based on the eSpeak engine created by Jonathan Duddington. It uses spectral formant synthesis by default which sounds robotic, but can be configured to use Klatt formant synthesis or MBROLA to give it a more natural sound. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 3 2024 Jaroslav ��karvada <jskarvad(a)redhat.com&gt; - 1.51.1-6 - Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c Resolves: CVE-2023-49990 - Fixed buffer underflow in CountVowelPosition function at synthdata.c Resolves: CVE-2023-49991 - Fixed buffer overflow in RemoveEnding at dictionary.c Resolves: CVE-2023-49992 - Fixed buffer overflow in ReadClause function at readclause.c Resolves: CVE-2023-49993 - Fixed floating point exception in PeaksToHarmspect at wavegen.c Resolves: CVE-2023-49994 * Tue Jan 2 2024 Tomas Korbar <tkorbar(a)redhat.com&gt; - 1.51.1-5 - Change license tag so it fully conforms to SPDX -------------------------------------------------------------------------------- References: [ 1 ] Bug #2254229 - CVE-2023-49990 espeak-ng: buffer overflow in SetUpPhonemeTable function at synthdata.c https://bugzilla.redhat.com/show_bug.cgi?id=2254229 [ 2 ] Bug #2254231 - CVE-2023-49991 espeak-ng: buffer underflow in CountVowelPosition function at synthdata.c https://bugzilla.redhat.com/show_bug.cgi?id=2254231 [ 3 ] Bug #2254232 - CVE-2023-49992 espeak-ng: buffer overflow in RemoveEnding at dictionary.c https://bugzilla.redhat.com/show_bug.cgi?id=2254232 [ 4 ] Bug #2254233 - CVE-2023-49993 espeak-ng: buffer overflow in ReadClause function at readclause.c https://bugzilla.redhat.com/show_bug.cgi?id=2254233 [ 5 ] Bug #2254235 - CVE-2023-49994 espeak-ng: floating point exception in PeaksToHarmspect at wavegen.c https://bugzilla.redhat.com/show_bug.cgi?id=2254235 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-5661c87b25' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------