Bug#873904: libidn2-0: CVE-2017-14061: integer overflow in

help-libidn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#873904: libidn2-0: CVE-2017-14061: integer overflow in _isBidi funct

From:	Salvatore Bonaccorso
Subject:	Bug#873904: libidn2-0: CVE-2017-14061: integer overflow in _isBidi function
Date:	Fri, 01 Sep 2017 07:08:00 +0200

Source: libidn2-0
Version: 2.0.2-3
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for libidn2-0, please
double-check.

CVE-2017-14061[0]:
| Integer overflow in the _isBidi function in bidi.c in Libidn2 before
| 2.0.4 allows remote attackers to cause a denial of service or possibly
| have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14061
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14061
[1] 
https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305

Please adjust the affected versions in the BTS as needed, not sure
about older versions than the one in testing/unstable.

Regards,
Salvatore

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#873904: libidn2-0: CVE-2017-14061: integer overflow in _isBidi function, Salvatore Bonaccorso <=
- Bug#873904: marked as done (libidn2-0: CVE-2017-14061: integer overflow in _isBidi function), Debian Bug Tracking System, 2017/09/12

Prev by Date: Bug#873902: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Next by Date: Bug#873902: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Previous by thread: Processed: cloning 873902, reassign -1 to src:libidn ...
Next by thread: Bug#873904: marked as done (libidn2-0: CVE-2017-14061: integer overflow in _isBidi function)
Index(es):
- Date
- Thread