UbuntuUpdates.org

Package "libidn2-0-dev"

Name: libidn2-0-dev

Description:

Internationalized domain names (IDNA2008/TR46) development files [dummy]

Latest version: 2.0.4-1.1ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: main
Head package: libidn2
Homepage: https://www.gnu.org/software/libidn/#libidn2

Links


Download "libidn2-0-dev"


Other versions of "libidn2-0-dev" in Bionic

Repository Area Version
base main 2.0.4-1.1build2
updates main 2.0.4-1.1ubuntu0.2

Changelog

Version: 2.0.4-1.1ubuntu0.2 2019-10-29 14:07:03 UTC

  libidn2 (2.0.4-1.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2019-18224.patch: Restrict output length to 63
      in lib/lookup.c.
    - CVE-2019-18224
  * SECURITY UPDATE: Domain impersonate
    - debian/patches/CVE-2019-12290.patch: Perform A-Label roundtrip for
      lookup functions by default in lib/error.c, lib/idn2.h.in,
      lib/lookup.c, src/blurbs.h, src/idn2.c, src/idn2.ggo.
    - CVE-2019-12290

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 24 Oct 2019 15:02:27 -0300

CVE-2019-18224 idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
CVE-2019-12290 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it p



About   -   Send Feedback to @ubuntu_updates