Details: https://nvd.nist.gov/vuln/detail/CVE-2019-16707
Pick the patch that resolves the Github issue[1] that tracked this vulnerability. [1]: https://github.com/hunspell/hunspell/issues/624 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../hunspell/hunspell/CVE-2019-16707.patch | 25 +++++++++++++++++++ .../hunspell/hunspell_1.7.0.bb | 4 ++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch diff --git a/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch new file mode 100644 index 0000000000..d3a95dadf2 --- /dev/null +++ b/meta-oe/recipes-support/hunspell/hunspell/CVE-2019-16707.patch @@ -0,0 +1,25 @@ +From ded6e233588c1082db9d84dc57a9d200cd306b26 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <[email protected]> +Date: Tue, 12 Nov 2019 20:03:15 +0000 +Subject: [PATCH] invalid read memory access #624 + +CVE: CVE-2019-16707 +Upstream-Status: Backport [https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/hunspell/suggestmgr.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx +index dba084e..c23f165 100644 +--- a/src/hunspell/suggestmgr.cxx ++++ b/src/hunspell/suggestmgr.cxx +@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( + int l2 = su2.size(); + // decapitalize dictionary word + if (complexprefixes) { +- if (su1[l1 - 1] == su2[l2 - 1]) ++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) + return 1; + } else { + unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l; diff --git a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb index 8d4dd5254e..c1a1585d99 100644 --- a/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb +++ b/meta-oe/recipes-support/hunspell/hunspell_1.7.0.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = " \ " SRCREV = "4ddd8ed5ca6484b930b111aec50c2750a6119a0f" -SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https" +SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ + file://CVE-2019-16707.patch \ + " S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122926): https://lists.openembedded.org/g/openembedded-devel/message/122926 Mute This Topic: https://lists.openembedded.org/mt/116941577/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
