Source: texlive-bin
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,

The following vulnerabilities were published for OTFCC, which, starting with some texlive release after Bullseye, is included in texlive (web2c/mfluadir):

https://cvjark.github.io/2022/07/06/CVE-2022-33047/

CVE-2022-35486[0]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x6badae.

CVE-2022-35485[1]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x703969.

CVE-2022-35484[2]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x6b6a8f.

CVE-2022-35483[3]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x5266a8.

CVE-2022-35482[4]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x65f724.

CVE-2022-35481[5]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /multiarch/memmove-vec-unaligned-erms.S.

CVE-2022-35479[6]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x4fbbb6.

CVE-2022-35478[7]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x6babea.

CVE-2022-35477[8]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x4fe954.

CVE-2022-35476[9]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x4fbc0b.

CVE-2022-35475[10]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6e41a8.

CVE-2022-35474[11]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6b544e.

CVE-2022-35473[12]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /release-x64/otfccdump+0x4fe9a7.

CVE-2022-35472[13]:
| OTFCC v0.10.4 was discovered to contain a global overflow via
| /release-x64/otfccdump+0x718693.
CVE-2022-35471[14]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6e41b0.

CVE-2022-35470[15]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x65fc97.

CVE-2022-35469[16]:
| OTFCC v0.10.4 was discovered to contain a segmentation violation via
| /x86_64-linux-gnu/libc.so.6+0xbb384.

CVE-2022-35468[17]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6e420d.

CVE-2022-35467[18]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6e41b8.

CVE-2022-35466[19]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6c0473.

CVE-2022-35465[20]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6c0414.

CVE-2022-35464[21]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6171b2.

CVE-2022-35463[22]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6b0478.

CVE-2022-35462[23]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6c0bc3.

CVE-2022-35461[24]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6c0a32.

CVE-2022-35460[25]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x61731f.

CVE-2022-35459[26]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6e412a.

CVE-2022-35458[27]:
| OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via
| /release-x64/otfccdump+0x6b05ce.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-35486
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35486
[1] https://security-tracker.debian.org/tracker/CVE-2022-35485
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35485
[2] https://security-tracker.debian.org/tracker/CVE-2022-35484
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35484
[3] https://security-tracker.debian.org/tracker/CVE-2022-35483
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35483
[4] https://security-tracker.debian.org/tracker/CVE-2022-35482
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35482
[5] https://security-tracker.debian.org/tracker/CVE-2022-35481
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35481
[6] https://security-tracker.debian.org/tracker/CVE-2022-35479
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35479
[7] https://security-tracker.debian.org/tracker/CVE-2022-35478
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35478
[8] https://security-tracker.debian.org/tracker/CVE-2022-35477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35477
[9] https://security-tracker.debian.org/tracker/CVE-2022-35476
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35476
[10] https://security-tracker.debian.org/tracker/CVE-2022-35475
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35475
[11] https://security-tracker.debian.org/tracker/CVE-2022-35474
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35474
[12] https://security-tracker.debian.org/tracker/CVE-2022-35473
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35473
[13] https://security-tracker.debian.org/tracker/CVE-2022-35472
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35472
[14] https://security-tracker.debian.org/tracker/CVE-2022-35471
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35471
[15] https://security-tracker.debian.org/tracker/CVE-2022-35470
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35470
[16] https://security-tracker.debian.org/tracker/CVE-2022-35469
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35469
[17] https://security-tracker.debian.org/tracker/CVE-2022-35468
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35468
[18] https://security-tracker.debian.org/tracker/CVE-2022-35467
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35467
[19] https://security-tracker.debian.org/tracker/CVE-2022-35466
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35466
[20] https://security-tracker.debian.org/tracker/CVE-2022-35465
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35465
[21] https://security-tracker.debian.org/tracker/CVE-2022-35464
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35464
[22] https://security-tracker.debian.org/tracker/CVE-2022-35463
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35463
[23] https://security-tracker.debian.org/tracker/CVE-2022-35462
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35462
[24] https://security-tracker.debian.org/tracker/CVE-2022-35461
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35461
[25] https://security-tracker.debian.org/tracker/CVE-2022-35460
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35460
[26] https://security-tracker.debian.org/tracker/CVE-2022-35459
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35459
[27] https://security-tracker.debian.org/tracker/CVE-2022-35458
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35458

Please adjust the affected versions in the BTS as needed.

