Bug#873902: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Hi libidn team, On Fri, Sep 01, 2017 at 06:52:53AM +0200, Salvatore Bonaccorso wrote: > CVE-2017-14062[0]: > | Integer overflow in the decode_digit function in puny_decode.c in > | Libidn2 before 2.0.4 allows remote attackers to cause a denial of > | service or possibly have unspecified other impact. Unless mistaken I think this goes back to all libidn2-0 versions to jessie and affects as well src:libidn. I cloned the bug and reassigned, but let me please know if I oversee something. Regards, Salvatore
Bug#873902: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Source: libidn2-0 Version: 0.10-2 Severity: important Tags: upstream security patch Hi, the following vulnerability was published for libidn2-0. CVE-2017-14062[0]: | Integer overflow in the decode_digit function in puny_decode.c in | Libidn2 before 2.0.4 allows remote attackers to cause a denial of | service or possibly have unspecified other impact. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062 [1] https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd Regards, Salvatore