-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 28 Jul 2016 16:11:26 -0300 Source: libidn Binary: idn libidn11-dev libidn11 libidn11-java Architecture: source amd64 all Version: 1.25-2+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Libidn Team <help-lib...@gnu.org> Changed-By: Lucas Kanashiro <kanash...@debian.org> Description: idn - Command line and Emacs interface to GNU Libidn libidn11 - GNU Libidn library, implementation of IETF IDN specifications libidn11-dev - Development files for GNU Libidn, an IDN library libidn11-java - Java port of the GNU Libidn library, an IDN implementation Changes: libidn (1.25-2+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-6263, stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data. Reported by Hanno Böck. * Fix CVE-2016-6261, fix out-of-bounds stack read in idna_to_ascii_4i. See tests/tst_toascii64oob.c for regression check (and the comment in it how to use it). Reported by Hanno Böck. * Fix CVE-2015-8948, solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Böck. Checksums-Sha1: bd841af0e962df246e9c83309f6737c4053e8e97 2181 libidn_1.25-2+deb7u2.dsc 7a8a0b179db4f16aefdab804934ebcfe1b89797d 31241 libidn_1.25-2+deb7u2.debian.tar.gz 0a787bc3d83478a45872278bce3c1c8a9f0b5037 131566 idn_1.25-2+deb7u2_amd64.deb e51fd81005e6cffdc3cec7f273e92e8ca61fcf24 666882 libidn11-dev_1.25-2+deb7u2_amd64.deb bba2210d81681c8ef83becaf8d50cc5e086ffb3e 179674 libidn11_1.25-2+deb7u2_amd64.deb 11fd4ae81f6cf7ee3959041c6478bcc4bde0f111 281532 libidn11-java_1.25-2+deb7u2_all.deb Checksums-Sha256: 32a0233e9ccae9894b07e7c0015488af41f53c76404876645f2a119048236150 2181 libidn_1.25-2+deb7u2.dsc 7d87c19a4b9307b8189b97d3d5922fbb392a669d3d92e9d528fcf976fb6f54b4 31241 libidn_1.25-2+deb7u2.debian.tar.gz b8b5a3792845297374886531c2284c06298f35713049d592387db595974c2bc2 131566 idn_1.25-2+deb7u2_amd64.deb a25772898fc6e232bc0cd98a98e29a7e895e00e61251e2e764043c84f77946a2 666882 libidn11-dev_1.25-2+deb7u2_amd64.deb 62abf7bcf12ed0a5b9888ffbf2ddb95780d762f00f073b1d1b76a17e5baad87b 179674 libidn11_1.25-2+deb7u2_amd64.deb 94dd800fc232f9a6c230b58f938a2dc15602cfe784e1cbf083a3f7f74000f8a9 281532 libidn11-java_1.25-2+deb7u2_all.deb Files: 0186bc7c8cab59ebe8cd9ff43d60ae3f 2181 libs optional libidn_1.25-2+deb7u2.dsc bf06fac1f0d0206b62463387c8bd6de6 31241 libs optional libidn_1.25-2+deb7u2.debian.tar.gz 5c136eb7a355b9b330bfba3ad0dedcf9 131566 misc optional idn_1.25-2+deb7u2_amd64.deb 9b1625f38ea4d5680aecde6a34a73262 666882 libdevel optional libidn11-dev_1.25-2+deb7u2_amd64.deb 2f2190547d27293997376d45bfd6a313 179674 libs standard libidn11_1.25-2+deb7u2_amd64.deb c1e536f862965fda25a460d9b7419f70 281532 java optional libidn11-java_1.25-2+deb7u2_all.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJXoLBrAAoJEPgjonKYg8l8na0QAJ9GvcNZCj/NJWWMeh1JO2IJ 54H0SNMZZM6Ra8iKHeuVduTFM3j7fqSgY5OVwqSTM7wtKoYe+/1FbL+ttD2GW7Fl FMtXugDM0cvibxFNneOdVSJjTk22FHRO0x5KboQNcg0/gT0//iVY2eQMSCa9KQLz 8TMCcSI7ZhW2O6DOcTKYyTUwVkBTcKk1WxQ8R9/rNZD5weL5g5XqhWN24WhTKeBm du7l9/HVb9+13wSLZsrLeQZ5sVi1OwpAIXt0uICvdOe2Wi0b9w9wtVifKOkoL0Lm v3pjbkPOsNVW9C2q6a7NXfo6/BPks8kfwUFTFU4xDeyqvymZU+R7mmmWS1DdIYFE 4JEip+1XMP7aLFGE8wLdD0ugpgw5xLcos8aMnP7wahDLKMdFLtv7mecxTA9bSv9r NuYpD8/SRmQnWoOQ4zMIThRg4u0XiM97lCqRDRi/PV8qZ6+qtAJ/iOFehOGLW4y4 h1JK3IpXvIRk+Um99YkOU6o1jAsl2qx+bjIhnW7p/8uxN8OOmavPxBVlxEZhRuRb N+tYrWK1+nHMuTUJx2TVFxsCBG6jASdRZhh87/5DSMtRF/uaMzkO/sekhLluJ5G6 pgmAbYU2M91yQggYg0n9XDr5cdE02okuQ+NNK9lOH9mEVe8zs0ijiOpj2d4qPXvc Td9djbdyy+iyjAWh/hBN =MOkw -----END PGP SIGNATURE-----