Mageia 2020-0411: lout security update
Summary
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.
(CVE-2019-19917)
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.
(CVE-2019-19918)
References
- https://bugs.mageia.org/show_bug.cgi?id=27492
- - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19918
Resolution
MGASA-2020-0411 - Updated lout packages fix security vulnerabilities
SRPMS
- 7/core/lout-3.40-9.1.mga7