Source: uriparser Version: 0.8.6-1 Severity: important Tags: security upstream Control: found -1 0.8.4-1
Hi, The following vulnerabilities were published for uriparser. CVE-2018-19198[0]: | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an | out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* | function because the '&' character is mishandled in certain contexts. CVE-2018-19199[1]: | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an | integer overflow via a uriComposeQuery* or uriComposeQueryEx* function | because of an unchecked multiplication. CVE-2018-19200[2]: | An issue was discovered in uriparser before 0.9.0. UriCommon.c allows | attempted operations on NULL input via a uriResetUri* function. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-19198 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19198 [1] https://security-tracker.debian.org/tracker/CVE-2018-19199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19199 [2] https://security-tracker.debian.org/tracker/CVE-2018-19200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19200 Regards, Salvatore