--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-81c80ff1ed
2020-10-31 01:53:00.658232
--------------------------------------------------------------------------------
Name : lout
Product : Fedora 33
Version : 3.40
Release : 18.fc33
URL : http://savannah.nongnu.org/projects/lout/
Summary : A document formatting system
Description :
Lout is a document formatting system designed and implemented by Jeffrey
Kingston at the Basser Department of Computer Science, University of
Sydney, Australia. The system reads a high-level description of a document
similar in style to LaTeX and produces a PostScript file which can be
printed on most laser printers and graphic display devices. Plain text
output is also available, PDF output is limited but working (e.g. no
graphics). Lout is inherently multilingual. Adding new languages is easy.
--------------------------------------------------------------------------------
Update Information:
Add lout-3.40-cve.patch from
https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html
fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and CVE-2019-19917),
two buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 23 2020 Matěj Cepl <mcepl(a)cepl.eu> - 3.40-18
- Add lout-3.40-cve.patch from
https://lists.nongnu.org/archive/html/lout-users/2020-10/msg00013.html
fixing rhbz#1787383 and rhbz#1787386 (CVE-2019-19918 and
CVE-2019-19917), two buffer overflows.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1787384 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1787384
[ 2 ] Bug #1787385 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1787385
[ 3 ] Bug #1787386 - CVE-2019-19918 lout: heap-based buffer overflow in srcnext in z02.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1787386
[ 4 ] Bug #1787389 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1787389
[ 5 ] Bug #1787390 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1787390
[ 6 ] Bug #1787391 - CVE-2019-19917 lout: buffer overflow in StringQuotedWord in z39.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1787391
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-81c80ff1ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------