On Mon, Aug 19, 2019 at 04:33:40PM -0400, Kevin Atkinson wrote:
> On Mon, 19 Aug 2019, Salvatore Bonaccorso wrote:
>
> > See https://lists.gnu.org/archive/html/aspell-announce/2019-08/msg00000.html
>
> > Within Debian the "pumpa" will need an update. Others might be
> > required as well. Kevin Atkinson might be up for help if needed.
>
> Also see http://aspell.net/buffer-overread-ucs.txt for a slightly improved
> version of the announcement that I edited for clarity.

Hi all,

This message is sent to all packages that depend in some way on libaspell15 (pdo addresses bcc'ed).

A potentially unbounded buffer over-read has been found in GNU Aspell 0.60.*. Package aspell 0.60.7-1 has been uploaded to Debian experimental, including the upstream patch to deal with this problem.

Unfortunately this fix may break applications that use null-terminated UCS-2 or UCS-4 strings with the C API. These applications will need to be fixed to make use of the new more secure API in order to continue to have a functional spell checker. Most applications use UTF-8 strings and thus do not need to be fixed.

Please read http://aspell.net/buffer-overread-ucs.txt (and the original announcement in https://lists.gnu.org/archive/html/aspell-announce/2019-08/msg00000.html) for details and check if your package is affected. That file and the new aspell manual contain information about what to do if that happens.

I would like to leave the aspell package in experimental for one week to allow possibly affected packages to be checked and fixed if appropriate. Since there is no longer a dict-common-dev mailing list, please use this bug report to notify if your package is affected and if you need more time before the new aspell with that fix is uploaded to sid.

If you need additional help, please contact the aspell-devel mailing list (https://lists.gnu.org/mailman/listinfo/aspell-devel).

Regards,