On Fri, Aug 30, 2019 at 10:31:47AM +0200, Agustin Martin wrote: > On Thu, Aug 29, 2019 at 12:20:28AM +0200, Agustin Martin wrote: > > On Mon, Aug 19, 2019 at 04:33:40PM -0400, Kevin Atkinson wrote: > > > On Mon, 19 Aug 2019, Salvatore Bonaccorso wrote: > > > > > > > See > > > > https://lists.gnu.org/archive/html/aspell-announce/2019-08/msg00000.html > > > > > > > Within Debian the "pumpa" will need an update. Others might be > > > > required as well. Kevin Atkinson might be up for help if needed. > > > Also see http://aspell.net/buffer-overread-ucs.txt for a slightly improved > > > version of the announcement that I edited for clarity. > > > > Hi all, > > > > This message is sent to all packages that depend in some way on > > libaspell15 (pdo addresses bcc'ed) > > > > A potentially unbounded buffer over-read has been found in in GNU > > Aspell 0.60.*. Package aspell 0.60.7-1 has been uploaded to Debian > > experimental, including upstream patch to deal with this problem. > > > > Unfortunately this fix may break applications that use null-terminated > > UCS-2 or UCS-4 strings with the C API. These applications will need > > to be fixed to make use of the new more secure API in order to > > continue to have a functional spell checker. > > This is the list of non aspell packages depending on libaspell15 which > are possibly affected (maintainers bcc'ed), > > eiskaltdcpp-qt > enchant > gnustep-gui-runtime > inkscape > kdelibs5-plugins > libenchant1c2a > libenchant2 > libenchant-voikko > librcc0 > libtext-aspell-perl > mcabber > php7.3-pspell > pumpa > raspell > sonnet-plugins > tea > weechat-plugins > xmlcopyeditor > yagf > > -- > Agustin
Hi Agustin, WeeChat aspell plugin uses only UTF-8 strings for Aspell and should therefore not be affected by these changes. -- Sébastien Helleu web: weechat.org / flashtux.org irc: FlashCode @ irc.freenode.net
