Univention Bugzilla – Bug 47525
libidn: Multiple issues (4.2)
Last modified: 2018-08-15 16:19:57 CEST
New Debian libidn 1.29-1+deb8u3 fixes: This update addresses the following issue(s): * * Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. (CVE-2017-14062) 1.29-1+deb8u3 (Thu, 26 Jul 2018 20:36:12 +0200) * Fix CVE-2017-14062: An integer overflow vulnerability in libidn's Punycode handling (an encoding used to convert Unicode characters to ASCII) which would have allowed remote attackers to cause a denial of service. Patch taken from wheezy, backported by Chris Lamb. * CVE-2017-14062 libidn2: Integer overflow in puny_decode.c/decode_digit (CVE-2017-14062)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/libidn_1.29-1+deb8u2.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/libidn_1.29-1+deb8u3.dsc @@ -1,3 +1,10 @@ +1.29-1+deb8u3 [Thu, 26 Jul 2018 20:36:12 +0200] Santiago R.R. <santiagorr@riseup.net>: + + * Fix CVE-2017-14062: An integer overflow vulnerability in libidn's Punycode + handling (an encoding used to convert Unicode characters to ASCII) which + would have allowed remote attackers to cause a denial of service. + Patch taken from wheezy, backported by Chris Lamb (Closes: #873903). + 1.29-1+deb8u2 [Mon, 29 Aug 2016 20:48:49 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-4/#2367478163731895478>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 0d5bc2b77a Bug #47525: libidn 1.29-1+deb8u3 doc/errata/staging/libidn.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) [4.2-4] d714749112 Bug #47525: libidn 1.29-1+deb8u3 doc/errata/staging/libidn.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/461.html>