[ubuntu/trusty-updates] libidn 1.28-1ubuntu2.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Aug 24 14:28:12 UTC 2016
libidn (1.28-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read when reading one zero byte
- debian/patches/CVE-2015-8948.patch: use getline instead of fgets with
fixed-size buffer in gl/Makefile.am, gl/getdelim.c, gl/getline.c,
gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/realloc.m4, gl/realloc.c, gl/stdint.in.h,
gl/stdlib.in.h, gltests/Makefile.am, gltests/test-getdelim.c,
gltests/test-getline.c, src/idn.c.
- debian/patches/CVE-2016-6262.patch: add extra check in src/idn.c.
- CVE-2015-8948
- CVE-2016-6262
* SECURITY UPDATE: out-of-bounds stack read in idna_to_ascii_4i
- debian/patches/CVE-2016-6261-1.patch: fix out of bounds read in
lib/idna.c.
- debian/patches/CVE-2016-6261-2.patch: fix memory leak in lib/idna.c.
- debian/patches/CVE-2016-6261-3.patch: add test to tests/Makefile.am,
tests/tst_toascii64oob.c.
- CVE-2016-6261
* SECURITY UPDATE: invalid UTF-8 DoS in stringprep_utf8_nfkc_normalize
- debian/patches/CVE-2016-6263.patch: reject invalid UTF-8 in
lib/nfkc.c, tests/Makefile.am, tests/tst_badutf8nfkc.c.
- CVE-2016-6263
* Fix FTBFS caused by docs regeneration
- debian/patches/fix_gdoc.patch: fix gdoc script.
- debian/control: added help2man and texinfo to Build-Depends.
* debian/patches/fix_broken_test.patch: fix broken encoding in test.
Date: 2016-08-23 19:24:13.677939+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libidn/1.28-1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list