fribidi (1.0.8-2ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: Incorrect length checking in processing of line input
could result in a stack buffer overflow, resulting in a crash or potential
code execution.
- debian/patches/CVE-2022-25308.patch: add checking to length of string
buffer before processing in bin/fribidi-main.c
- CVE-2022-25308
* SECURITY UPDATE: Insufficient sanitization of input data to the CapRTL
encoder could result in a heap buffer overflow, resulting in a crash or
potential code execution.
- debian/patches/CVE-2022-25309.patch: add checking and removal of
dangerous characters before encoding stage, in
lib/fribidi-char-sets-cap-rtl.c
- CVE-2022-25309
* SECURITY UPDATE: Incorrect handling of string pointer can result in a
crash in fribidi_remove_bidi_marks().
- debian/patches/CVE-2022-25310.patch: add checking for NULL strings,
to avoid potential use-after-free in lib/fribidi.c
- CVE-2022-25310
-- Ray Veldkamp <ray.veldkamp@canonical.com> Tue, 26 Apr 2022 16:01:05 +1000
fribidi (1.0.8-2ubuntu3) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 14:52:57 +0100
fribidi (1.0.8-2ubuntu2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:11:45 +0200
fribidi (1.0.8-2ubuntu1) hirsute; urgency=medium
* Make autopkgtests cross-test-friendly.
-- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Mar 2021 13:46:42 -0800
fribidi (1.0.8-2build1) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:33:12 +0100
fribidi (1.0.8-2) unstable; urgency=medium
* Add revert_log2vis_get_embedding_levels.diff patch to revert back
fribidi_log2vis_get_embedding_levels function.
It seems to be removed by mistake by upstream, since its documentation is
still there (Closes: #947081)
* Revert last update to symbols file
-- أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net> Sat, 21 Dec 2019 03:11:40 +0100
fribidi (1.0.8-1) unstable; urgency=medium
* New upstream version 1.0.8
* Add Rules-Requires-Root=no
* Set debhelper-compat in build deps
* Refresh manpages.diff patch.
Dropped Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff,
applied upstream
* Update symbols file
-- أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net> Thu, 19 Dec 2019 21:07:01 +0100
fribidi (1.0.7-1.1) unstable; urgency=high
* Non-maintainer upload.
* Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL (CVE-2019-18397)
(Closes: #944327)
-- Salvatore Bonaccorso <carnil@debian.org> Fri, 08 Nov 2019 13:36:50 +0100
fribidi (1.0.7-1) unstable; urgency=medium
* Imported Upstream version 1.0.7
* Drop no-config-h.diff patch, applied upstream
* Update standards version to 4.4.1
* Bumped compat level to 12
* Update copyright years
-- أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net> Thu, 03 Oct 2019 06:03:43 +0200
fribidi (1.0.5-3.1) unstable; urgency=medium
* Non-maintainer upload from the Venlo BSP.
[ Ondřej Nový ]
* d/copyright: Change Format URL to correct one
[ Hugh McMaster ]
* debian/control: Mark libfribidi-dev Multi-Arch: same (Closes: #907792).
* libfribidi0-udeb: Install the shared library files into a multi-arch libdir
(thanks to Samuel Thibault for supplying a patch) (Closes: #917909).
-- Christoph Berg <myon@debian.org> Sat, 12 Jan 2019 13:33:35 +0100
# For older changelog entries, run 'apt-get changelog libfribidi0'
Generated by dwww version 1.14 on Sun Feb 2 11:17:02 CET 2025.