[ubuntu/noble-proposed] libuv1 1.46.0-3ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 14 18:03:11 UTC 2024
libuv1 (1.46.0-3ubuntu1) noble; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
Date: Wed, 14 Feb 2024 12:33:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libuv1/1.46.0-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 14 Feb 2024 12:33:50 -0500
Source: libuv1
Built-For-Profiles: noudeb
Architecture: source
Version: 1.46.0-3ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
libuv1 (1.46.0-3ubuntu1) noble; urgency=medium
.
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
Checksums-Sha1:
f4ff1047df55f42ed55736037dfe531aea7f73ca 2093 libuv1_1.46.0-3ubuntu1.dsc
eb987c5e6693d4b4cb5c5c545cd62cdd0489628b 22844 libuv1_1.46.0-3ubuntu1.debian.tar.xz
0ee5c40d59adad9afc5109b78c6b2b72a6cc1a44 7427 libuv1_1.46.0-3ubuntu1_source.buildinfo
Checksums-Sha256:
8df49f2e684b3925cd782a8de16cba8e6303948c3073aa904f1a168d93486ace 2093 libuv1_1.46.0-3ubuntu1.dsc
5a0a3daee954fa7f9e53caf2aa345d335eff0154e69ba8fd3024e13056c89d32 22844 libuv1_1.46.0-3ubuntu1.debian.tar.xz
62ad59f1aa8af317113018e11e8cf90161f740c81622efaa6d8b4bd33f3490b8 7427 libuv1_1.46.0-3ubuntu1_source.buildinfo
Files:
3f185bf90ff06bed56d2d5ae1efbed12 2093 libs optional libuv1_1.46.0-3ubuntu1.dsc
85872364791fd4e13396e418b7c2a0bf 22844 libs optional libuv1_1.46.0-3ubuntu1.debian.tar.xz
aca707c227031f95e2fd58a64af3522f 7427 libs optional libuv1_1.46.0-3ubuntu1_source.buildinfo
Original-Maintainer: Dominique Dumont <dod at debian.org>
More information about the noble-changes
mailing list