Source: uriparser Version: 0.9.8+dfsg-2 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for uriparser. CVE-2026-44927[0]: | In uriparser before 1.0.2, there is pointer difference truncation to | int in various places. CVE-2026-44928[1]: | In uriparser before 1.0.2, the function family EqualsUri can | misclassify two unequal URIs as equal. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-44927 https://www.cve.org/CVERecord?id=CVE-2026-44927 https://github.com/uriparser/uriparser/pull/304 [1] https://security-tracker.debian.org/tracker/CVE-2026-44928 https://www.cve.org/CVERecord?id=CVE-2026-44928 https://github.com/uriparser/uriparser/pull/305 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
