UbuntuUpdates.org

Package "libidn"

Name: libidn

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • GNU Libidn library, implementation of IETF IDN specifications
  • Development files for GNU Libidn, an IDN library

Latest version: 1.23-2ubuntu0.2
Release: precise (12.04)
Level: security
Repository: main

Other versions of "libidn" in Precise

Repository Area Version
base main 1.23-2
base universe 1.23-2
security universe 1.23-2ubuntu0.2
updates main 1.23-2ubuntu0.2
updates universe 1.23-2ubuntu0.2

Changelog

Version: 1.23-2ubuntu0.2 2021-05-03 14:07:21 UTC

  libidn (1.23-2ubuntu0.2) precise-security; urgency=medium

  [ Marc Deslauries ]
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2017-14062.patch: fix integer overflow
      in punycode.c.
    - CVE-2017-14062

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Oct 2017 17:12:16 -0300

CVE-2017-14062 Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possib

Version: 1.23-2ubuntu0.1 2016-08-24 15:06:46 UTC

  libidn (1.23-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read when reading one zero byte
    - debian/patches/CVE-2015-8948.patch: use getline instead of fgets with
      fixed-size buffer in gl/Makefile.am, gl/getdelim.c, gl/getline.c,
      gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gnulib-cache.m4,
      gl/m4/gnulib-comp.m4, gl/m4/realloc.m4, gl/realloc.c, gl/stdint.in.h,
      gl/stdlib.in.h, gltests/Makefile.am, gltests/test-getdelim.c,
      gltests/test-getline.c, src/idn.c.
    - debian/patches/CVE-2016-6262.patch: add extra check in src/idn.c.
    - CVE-2015-8948
    - CVE-2016-6262
  * SECURITY UPDATE: out-of-bounds stack read in idna_to_ascii_4i
    - debian/patches/CVE-2016-6261-1.patch: fix out of bounds read in
      lib/idna.c.
    - debian/patches/CVE-2016-6261-2.patch: fix memory leak in lib/idna.c.
    - debian/patches/CVE-2016-6261-3.patch: add test to tests/Makefile.am,
      tests/tst_toascii64oob.c.
    - CVE-2016-6261
  * SECURITY UPDATE: invalid UTF-8 DoS in stringprep_utf8_nfkc_normalize
    - debian/patches/CVE-2016-6263.patch: reject invalid UTF-8 in
      lib/nfkc.c, tests/Makefile.am, tests/tst_badutf8nfkc.c.
    - CVE-2016-6263
  * debian/rules: build with dh-autoreconf.
  * debian/control: added dh-autoreconf and autopoint to Build-Depends.
  * debian/patches/fix_broken_test.patch: fix broken encoding in test.

 -- Marc Deslauriers <email address hidden> Tue, 23 Aug 2016 14:32:46 -0400

CVE-2015-8948 Solve out-of-bounds-read when reading one zero byte as input
CVE-2016-6262 Solve out-of-bounds-read when reading one zero byte as input
CVE-2016-6261 out-of-bounds stack read in idna_to_ascii_4i
CVE-2016-6263 stringprep_utf8_nfkc_normalize reject invalid UTF-8


