Source: espeak-ng X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerabilities were published for espeak-ng. CVE-2023-49990[0]: | Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via | the function SetUpPhonemeTable at synthdata.c. https://github.com/espeak-ng/espeak-ng/issues/1824 CVE-2023-49991[1]: | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer | Underflow via the function CountVowelPosition at synthdata.c. https://github.com/espeak-ng/espeak-ng/issues/1825 CVE-2023-49992[2]: | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow | via the function RemoveEnding at dictionary.c. https://github.com/espeak-ng/espeak-ng/issues/1827 CVE-2023-49993[3]: | Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via | the function ReadClause at readclause.c. https://github.com/espeak-ng/espeak-ng/issues/1826 CVE-2023-49994[4]: | Espeak-ng 1.52-dev was discovered to contain a Floating Point | Exception via the function PeaksToHarmspect at wavegen.c. https://github.com/espeak-ng/espeak-ng/issues/1823 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-49990 https://www.cve.org/CVERecord?id=CVE-2023-49990 [1] https://security-tracker.debian.org/tracker/CVE-2023-49991 https://www.cve.org/CVERecord?id=CVE-2023-49991 [2] https://security-tracker.debian.org/tracker/CVE-2023-49992 https://www.cve.org/CVERecord?id=CVE-2023-49992 [3] https://security-tracker.debian.org/tracker/CVE-2023-49993 https://www.cve.org/CVERecord?id=CVE-2023-49993 [4] https://security-tracker.debian.org/tracker/CVE-2023-49994 https://www.cve.org/CVERecord?id=CVE-2023-49994 Please adjust the affected versions in the BTS as needed.
