* Patrick Schleizer: > Are you aware of this already? > > [SECURITY NOTICE] libidn with bad UTF8 input > > http://curl.haxx.se/mail/lib-2015-06/0143.html > > Haven’t found anything related on debian.org mailing lists and/or curl's > changelog.
We are aware of it. This will be fixed in libidn because libidn upstream has relented and added additional hardening to the critical string processing functions. It is often not clear where to fix such interpretation conflicts, but if most applications do not enforce the precondition and the precondition is not clearly specified (which is the case with UTF-8, as there are three or more different iterations), then we lean towards fixing the library. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
