On Fri, 01 Sep 2017 06:52:53 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: libidn2-0
> Version: 0.10-2
> Severity: important
> Tags: upstream security patch
>
> Hi,
>
> the following vulnerability was published for libidn2-0.
>
> CVE-2017-14062[0]:
> | Integer overflow in the decode_digit function in puny_decode.c in
> | Libidn2 before 2.0.4 allows remote attackers to cause a denial of
> | service or possibly have unspecified other impact.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-14062
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062
> [1]
> https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd

Just backported the fix from libidn2 into libidn upstream (commit e9e81b8063b095b02cf104bb992fa9bf9515b9d8).

Regards, Tim