[ubuntu/noble-proposed] libuv1 1.46.0-3ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Feb 14 18:03:11 UTC 2024 

libuv1 (1.46.0-3ubuntu1) noble; urgency=medium

  * SECURITY UPDATE: hostname restriction bypass via truncation
    - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
      output in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
      in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
      IDNA in test/test-idna.c.
    - CVE-2024-24806

Date: Wed, 14 Feb 2024 12:33:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libuv1/1.46.0-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 14 Feb 2024 12:33:50 -0500
Source: libuv1
Built-For-Profiles: noudeb
Architecture: source
Version: 1.46.0-3ubuntu1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libuv1 (1.46.0-3ubuntu1) noble; urgency=medium
 .
   * SECURITY UPDATE: hostname restriction bypass via truncation
     - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
       output in src/idna.c, test/test-idna.c.
     - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
       in src/idna.c, test/test-idna.c.
     - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
       IDNA in test/test-idna.c.
     - CVE-2024-24806
Checksums-Sha1:
 f4ff1047df55f42ed55736037dfe531aea7f73ca 2093 libuv1_1.46.0-3ubuntu1.dsc
 eb987c5e6693d4b4cb5c5c545cd62cdd0489628b 22844 libuv1_1.46.0-3ubuntu1.debian.tar.xz
 0ee5c40d59adad9afc5109b78c6b2b72a6cc1a44 7427 libuv1_1.46.0-3ubuntu1_source.buildinfo
Checksums-Sha256:
 8df49f2e684b3925cd782a8de16cba8e6303948c3073aa904f1a168d93486ace 2093 libuv1_1.46.0-3ubuntu1.dsc
 5a0a3daee954fa7f9e53caf2aa345d335eff0154e69ba8fd3024e13056c89d32 22844 libuv1_1.46.0-3ubuntu1.debian.tar.xz
 62ad59f1aa8af317113018e11e8cf90161f740c81622efaa6d8b4bd33f3490b8 7427 libuv1_1.46.0-3ubuntu1_source.buildinfo
Files:
 3f185bf90ff06bed56d2d5ae1efbed12 2093 libs optional libuv1_1.46.0-3ubuntu1.dsc
 85872364791fd4e13396e418b7c2a0bf 22844 libs optional libuv1_1.46.0-3ubuntu1.debian.tar.xz
 aca707c227031f95e2fd58a64af3522f 7427 libs optional libuv1_1.46.0-3ubuntu1_source.buildinfo
Original-Maintainer: Dominique Dumont <dod at debian.org>

More information about the noble-changes mailing list