Package "libuv1"

Name: libuv1


asynchronous event notification library - runtime library

Latest version: 1.44.2-1ubuntu0.1
Release: mantic (23.10)
Level: updates
Repository: main
Homepage: https://github.com/libuv/libuv


Download "libuv1"

Other versions of "libuv1" in Mantic

Repository Area Version
base main 1.44.2-1
security main 1.44.2-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Version: 1.44.2-1ubuntu0.1 2024-02-28 16:07:01 UTC

  libuv1 (1.44.2-1ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: hostname restriction bypass via truncation
    - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
      output in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
      in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
      IDNA in test/test-idna.c.
    - CVE-2024-24806

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:37:10 -0500

CVE-2024-24806 libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its window

About   -   Send Feedback to @ubuntu_updates