UbuntuUpdates.org

Package "libidn2"

Name: libidn2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Internationalized domain names (IDNA2008/TR46) library
  • Internationalized domain names (IDNA2008/TR46) development files [dummy]
  • Internationalized domain names (IDNA2008/TR46) development files
  • Internationalized domain names (IDNA2008/TR46) documentation

Latest version: 2.0.4-1.1ubuntu0.2
Release: bionic (18.04)
Level: updates
Repository: main

Links



Other versions of "libidn2" in Bionic

Repository Area Version
base universe 2.0.4-1.1build2
security main 2.0.4-1.1ubuntu0.2
security universe 2.0.4-1.1ubuntu0.2
updates universe 2.0.4-1.1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.4-1.1ubuntu0.2 2019-10-29 14:07:04 UTC

  libidn2 (2.0.4-1.1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2019-18224.patch: Restrict output length to 63
      in lib/lookup.c.
    - CVE-2019-18224
  * SECURITY UPDATE: Domain impersonate
    - debian/patches/CVE-2019-12290.patch: Perform A-Label roundtrip for
      lookup functions by default in lib/error.c, lib/idn2.h.in,
      lib/lookup.c, src/blurbs.h, src/idn2.c, src/idn2.ggo.
    - CVE-2019-12290

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 24 Oct 2019 15:02:27 -0300

CVE-2019-18224 idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
CVE-2019-12290 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it p



About   -   Send Feedback to @ubuntu_updates