--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-5661c87b25
2024-01-10 01:08:15.840276
--------------------------------------------------------------------------------
Name : espeak-ng
Product : Fedora 39
Version : 1.51.1
Release : 6.fc39
URL :
https://github.com/espeak-ng/espeak-ng
Summary : eSpeak NG Text-to-Speech
Description :
The eSpeak NG (Next Generation) Text-to-Speech program is an open source speech
synthesizer that supports over 70 languages. It is based on the eSpeak engine
created by Jonathan Duddington. It uses spectral formant synthesis by default
which sounds robotic, but can be configured to use Klatt formant synthesis
or MBROLA to give it a more natural sound.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993,
CVE-2023-49994.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 3 2024 Jaroslav ��karvada <jskarvad(a)redhat.com> - 1.51.1-6
- Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c
Resolves: CVE-2023-49990
- Fixed buffer underflow in CountVowelPosition function at synthdata.c
Resolves: CVE-2023-49991
- Fixed buffer overflow in RemoveEnding at dictionary.c
Resolves: CVE-2023-49992
- Fixed buffer overflow in ReadClause function at readclause.c
Resolves: CVE-2023-49993
- Fixed floating point exception in PeaksToHarmspect at wavegen.c
Resolves: CVE-2023-49994
* Tue Jan 2 2024 Tomas Korbar <tkorbar(a)redhat.com> - 1.51.1-5
- Change license tag so it fully conforms to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2254229 - CVE-2023-49990 espeak-ng: buffer overflow in SetUpPhonemeTable
function at synthdata.c
https://bugzilla.redhat.com/show_bug.cgi?id=2254229
[ 2 ] Bug #2254231 - CVE-2023-49991 espeak-ng: buffer underflow in CountVowelPosition
function at synthdata.c
https://bugzilla.redhat.com/show_bug.cgi?id=2254231
[ 3 ] Bug #2254232 - CVE-2023-49992 espeak-ng: buffer overflow in RemoveEnding at
dictionary.c
https://bugzilla.redhat.com/show_bug.cgi?id=2254232
[ 4 ] Bug #2254233 - CVE-2023-49993 espeak-ng: buffer overflow in ReadClause function at
readclause.c
https://bugzilla.redhat.com/show_bug.cgi?id=2254233
[ 5 ] Bug #2254235 - CVE-2023-49994 espeak-ng: floating point exception in
PeaksToHarmspect at wavegen.c
https://bugzilla.redhat.com/show_bug.cgi?id=2254235
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-5661c87b25' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------