Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.Referenceshttps://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT6657W5RYH7YECVGNB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html
