Package "libuv1"

Name:	libuv1
Description:	asynchronous event notification library - runtime library
Latest version:	1.34.2-1ubuntu1.5
Release:	focal (20.04)
Level:	security
Repository:	main
Homepage:	https://github.com/libuv/libuv

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libuv1"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libuv1" in Focal

Repository	Area	Version
base	main	1.34.2-1ubuntu1
updates	main	1.34.2-1ubuntu1.5

Packages in group

Deleted packages are displayed in grey.

libuv1-dev

Changelog

Version: 1.34.2-1ubuntu1.5 2024-02-28 15:06:57 UTC

libuv1 (1.34.2-1ubuntu1.5) focal-security; urgency=medium * SECURITY UPDATE: hostname restriction bypass via truncation - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna output in src/idna.c, test/test-idna.c. - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs in src/idna.c, test/test-idna.c. - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid IDNA in test/test-idna.c. - CVE-2024-24806 * debian/patches/riscv64-skip-tcp-timeout.patch: skip unstable test on riscv64 that keeps causing a FTBFS. -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:47 -0500

Source diff to previous version

CVE-2024-24806

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its window

Version: 1.34.2-1ubuntu1.3 2021-07-07 14:06:25 UTC

Version: 1.34.2-1ubuntu1.3	2021-07-07 14:06:25 UTC
libuv1 (1.34.2-1ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-22918.patch: fix OOB read in punycode decoder src/idna.c, test/test-idna.c, test/test-list.h and skip test-tcp-writealot in riscv64. - CVE-2021-22918 * debian/rules: bump timeout multiplier for tests in slow arch and adding -no-parallel. -- Leonidas Da Silva Barbosa <email address hidden> Mon, 05 Jul 2021 14:32:59 -0300
Source diff to previous version

libuv1 (1.34.2-1ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-22918.patch: fix OOB read in punycode decoder src/idna.c, test/test-idna.c, test/test-list.h and skip test-tcp-writealot in riscv64. - CVE-2021-22918 * debian/rules: bump timeout multiplier for tests in slow arch and adding -no-parallel. -- Leonidas Da Silva Barbosa <email address hidden> Mon, 05 Jul 2021 14:32:59 -0300

Source diff to previous version

Version: 1.34.2-1ubuntu1.1 2020-09-28 16:06:22 UTC

libuv1 (1.34.2-1ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2020-8252.patch: fix buffer overruns when processing very long paths in uv_fs_readlink() in src/unix/internal.h. - CVE-2020-8252 -- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Sep 2020 10:37:02 -0300

CVE-2020-8252

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can resul

About - Send Feedback to @ubuntu_updates

Package "libuv1"

Links

Download "libuv1"

Other versions of "libuv1" in Focal

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates