help-libidn

Bug#873902: marked as done (libidn2-0: CVE-2017-14062: integer overflow


From: Debian Bug Tracking System
Subject: Bug#873902: marked as done (libidn2-0: CVE-2017-14062: integer overflow in decode_digit)
Date: Sun, 01 Oct 2017 12:03:08 +0000

Your message dated Sun, 01 Oct 2017 12:02:08 +0000
with message-id <address@hidden>
and subject line Bug#873902: fixed in libidn2-0 0.16-1+deb9u1
has caused the Debian Bug report #873902,
regarding libidn2-0: CVE-2017-14062: integer overflow in decode_digit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact address@hidden
immediately.)


-- 
873902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873902
Debian Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Date: Fri, 01 Sep 2017 06:52:53 +0200

Source: libidn2-0
Version: 0.10-2
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for libidn2-0.

CVE-2017-14062[0]:
| Integer overflow in the decode_digit function in puny_decode.c in
| Libidn2 before 2.0.4 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062
[1] https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Subject: Bug#873902: fixed in libidn2-0 0.16-1+deb9u1
Date: Sun, 01 Oct 2017 12:02:08 +0000

Source: libidn2-0
Source-Version: 0.16-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
libidn2-0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to address@hidden,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <address@hidden> (supplier of updated libidn2-0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing address@hidden)


Format: 1.8
Date: Tue, 12 Sep 2017 10:57:48 +0200
Source: libidn2-0
Binary: libidn2-0 libidn2-0-dev libidn2-0-dbg idn2
Architecture: source amd64
Version: 0.16-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Ondřej Surý <address@hidden>
Changed-By: Ondřej Surý <address@hidden>
Description:
 idn2       - Internationalized domain names (IDNA2008) command line tool
 libidn2-0  - Internationalized domain names (IDNA2008) library
 libidn2-0-dbg - Internationalized domain names (IDNA2008) debug symbols
 libidn2-0-dev - Internationalized domain names (IDNA2008) development files
Closes: 873902
Changes:
 libidn2-0 (0.16-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2017-14062: Fix integer overflow in decode_digit (Closes: #873902)
   * Add myself to Uploaders:

--- End Message ---
