Hello community,

here is the log from the commit of package hunspell for openSUSE:Factory checked in at 2020-06-11 14:45:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hunspell (Old) and /work/SRC/openSUSE:Factory/.hunspell.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hunspell" Thu Jun 11 14:45:16 2020 rev:53 rq:812791 version:1.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/hunspell/hunspell.changes 2018-11-20 22:23:18.402917996 +0100 +++ /work/SRC/openSUSE:Factory/.hunspell.new.3606/hunspell.changes 2020-06-11 14:45:45.841568135 +0200 @@ -1,0 +2,8 @@ +Tue Jun 9 07:19:19 UTC 2020 - [email protected] + +- security update +- added patches + fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx + + hunspell-CVE-2019-16707.patch + +------------------------------------------------------------------- New: ---- hunspell-CVE-2019-16707.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hunspell.spec ++++++ --- /var/tmp/diff_new_pack.cC7WXx/_old 2020-06-11 14:45:46.537570162 +0200 +++ /var/tmp/diff_new_pack.cC7WXx/_new 2020-06-11 14:45:46.541570173 +0200 @@ -1,7 +1,7 @@ # # spec file for package hunspell # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,8 @@ URL: https://hunspell.github.io Source0: https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: baselibs.conf +# CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx +Patch0: hunspell-CVE-2019-16707.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -80,6 +82,7 @@ %prep %setup -q +%patch0 -p1 %build # latest released tarball does not contain generated configure ++++++ hunspell-CVE-2019-16707.patch ++++++ diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx index dba084e9..c23f165a 100644 --- a/src/hunspell/suggestmgr.cxx +++ b/src/hunspell/suggestmgr.cxx 
@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( int l2 = su2.size(); // decapitalize dictionary word if (complexprefixes) { - if (su1[l1 - 1] == su2[l2 - 1]) + if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) return 1; } else { unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
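Review bot: In the hunspell.changes hunk, the function is written `SuggestMgr:leftcommonsubstring` with a single colon, while the hunk header of the patch itself shows `SuggestMgr::leftcommonsubstring`. Using the real qualified name in the changelog entry keeps it searchable against the source. The two generic bullets "security update" and "added patches" could also be folded into the one line that names the CVE and the patch file, since that line carries all the information.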
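Review bot: In the hunspell.spec hunks, the comment above `Patch0:` records the CVE and bsc number but not where the fix comes from. The patch carries a git index line (`dba084e9..c23f165a`), so it appears to be taken from a git tree; naming the upstream commit or pull request in that comment would make it clear whether the patch can be dropped at the next version update. The same single-colon spelling `SuggestMgr:leftcommonsubstring` appears in this comment and should read `SuggestMgr::leftcommonsubstring`.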
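Review bot: In the suggestmgr.cxx hunk, the new guard `l1 && l2` in the `complexprefixes` branch relies on implicit int-to-bool conversion of the lengths, while the else branch on the following context line uses `su2.empty()`. Writing the condition as `!su1.empty() && !su2.empty()` (or `l1 > 0 && l2 > 0`) would state the intent directly, namely that `su1[l1 - 1]` and `su2[l2 - 1]` are read only when both vectors are non-empty, and would match the neighbouring style. The patch touches only suggestmgr.cxx; a regression test that passes an empty word through this path with `complexprefixes` enabled would keep the invalid read from coming back.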
