Skip to content

Security: FreedomScientific/liblouis

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

To report a security issue, please email the maintainers (see AUTHORS) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

Our vulnerability management team will respond within 5 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Supported Versions

Security updates are only provided for the latest version of liblouis.

Critical issues

Security problems that originate from loading of liblouis tables are not really considered a security problem, as typically tables are not loaded from untrusted sources.

On the other hand, issues found in the translation code, which deals with untrusted input, are indeed critical and need to be reported.

Hence, issues reported by fuzz_translate and fuzz_translate_generic are most likely critical and we'd appreciate reports. Issues reported by table_fuzzer are not critical and have lower priority.

There aren’t any published security advisories