Univention Bugzilla – Bug 48784
uriparser: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:31 CET
New Debian uriparser 0.8.4-1+deb9u1 fixes:

This update addresses the following issues:
* Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)
* Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)
* NULL pointer dereference via uriResetUri* function (CVE-2018-19200)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/uriparser_0.8.4-1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/uriparser_0.8.4-1+deb9u1.dsc @@ -1,3 +1,13 @@ +0.8.4-1+deb9u1 [Fri, 16 Nov 2018 09:43:24 +0100] Jörg Frings-Fürst <debian@jff.email>: + + * Fix multiple CVEs (Closes: #913817): + - New debian/patches/CVE-2018-19198.patch to fix CVE-2018-19198. + - New debian/patches/CVE-2018-19199.patch to fix CVE-2018-19199. + - New debian/patches/CVE-2018-19200.patch to fix CVE-2018-19200. + * debian/control: + - Change to my new email address. + - Switch Vcs-* to new location. + 0.8.4-1 [Wed, 04 Nov 2015 07:02:13 +0100] Jörg Frings-Fürst <debian@jff-webhosting.net>: * New upstream release. <http://10.200.17.11/4.3-3/#2945276262673026040>
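Review bot: the new 0.8.4-1+deb9u1 changelog entry bundles two debian/control changes ("Change to my new email address", "Switch Vcs-* to new location") with the three CVE patches, so the errata update is not limited to the security fixes. It is worth confirming that those control changes touch only maintainer and Vcs metadata. The entry also identifies each patch only by its CVE number; a short description per line (out-of-bounds write, integer overflow, NULL pointer dereference) would make the changelog readable without looking up the CVEs.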
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 46c3abf7e7 Bug #48784: uriparser 0.8.4-1+deb9u1
 doc/errata/staging/uriparser.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<http://errata.software-univention.de/ucs/4.3/445.html>