Author: carnil
Date: 2016-07-21 14:34:01 +0000 (Thu, 21 Jul 2016)
New Revision: 43340
Modified:
data/CVE/list
Log:
libidn issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-21 14:33:16 UTC (rev 43339)
+++ data/CVE/list 2016-07-21 14:34:01 UTC (rev 43340)
@@ -1,10 +1,10 @@
CVE-2016-6263 [stringprep_utf8_nfkc_normalize reject invalid UTF-8]
- - libidn <unfixed>
+ - libidn 1.33-1
NOTE:
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test / Fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
(libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8948 [Solve out-of-bounds-read when reading one zero byte as input]
- - libidn <unfixed>
+ - libidn 1.33-1
NOTE: Fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
(libidn-1-33)
NOTE: When fixing this issue, the followup fix
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
NOTE: is required to fix the problem. (Resultet in followup CVE,
CVE-2016-6262
@@ -14,7 +14,7 @@
NOTE: Follow-up fix for CVE-2015-8948:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
(libidn-1-33)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 [out-of-bounds stack read in idna_to_ascii_4i]
- - libidn <unfixed>
+ - libidn 1.33-1
NOTE:
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c
(libidn-1-33)
NOTE: Fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
(libidn-1-33)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
