[ubuntu/disco-security] libidn2 2.0.5-1ubuntu0.3 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Oct 29 12:54:52 UTC 2019
libidn2 (2.0.5-1ubuntu0.3) disco-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2019-18224.patch: Restrict output length to 63
in lib/lookup.c.
- CVE-2019-18224
- debian/control: returning texinfo to Build-Depends since
for other archs than amd64 build fails with -Indep, since it
always detect a file change (by a patch as example) and recreate
docs.
* SECURITY UPDATE: Domain impersonate
- debian/patches/CVE-2019-12290.patch: Perform A-Label roundtrip for
lookup functions by default in lib/error.c, lib/idn2.h.in,
lib/lookup.c, src/blurbs.h, src/idn2.c, src/idn2.ggo.
- CVE-2019-12290
Date: 2019-10-28 18:41:15.463008+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/libidn2/2.0.5-1ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list