[SECURITY] [DLA 476-1] libidn security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 476-1] libidn security update
From: Brian May <bam@debian.org>
Date: Wed, 18 May 2016 08:43:24 +1000
Message-id: <[🔎] 20160517224324.GA23364@prune.linuxpenguins.xyz>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libidn
Version        : 1.25-2+deb7u1
CVE ID         : CVE-2015-2059

It was discovered that libidn, the GNU library for Internationalized
Domain Names (IDNs), did not correctly handle invalid UTF-8 input,
causing an out-of-bounds read. This could allow attackers to disclose
sensitive information from an application using the libidn library.

For Debian 7 "Wheezy", these problems have been fixed in version
1.25-2+deb7u1.

We recommend that you upgrade your libidn packages.
- -- 
Brian May <bam@debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXO56MAAoJEBeEV3+BH26so3YP/Rnt/2ofEmBo9Xx25fpLzd6u
1B8ljeTr9FCtWg3a+fs3Rcklh6xTSgT/ra3i5bjWiGwYKYDV3HdjBo/ZyBm0tQMN
pGeIdzgsGDBkhsytZlQkMr+Ia5MBj3RWkEAYpARpi6IkUFB8OD0S2AUmM1htxtWR
+udjiKroMG4rsmSstVfOYKZh9rhjdZyQTAIW+PCjZ94LJGEUfe1BMvakFBkYFFB2
yaOUtFrnUlAaxCBs/4A2EoQ4hvWfDr6LNFSbiJIlZ5yTmz2145YrXJAQVGQ0qghM
YdYY4a4VeAJ9H9rKspp0UZm1bmWmAYBt6KFz+Jh1HSYhoRzWenQgTQIYiOGAANAB
fcGTCL7Tl/zuePJ03EhMwh8HXaY4WqI5n2PMYMPAD57gwQr8LRiblskyOIEPajvt
R56hgfo8txHc006W3RGuLi+ovdUDk+u5bE88LFA/yvPlUaIoatHaYx21Boo19/PZ
QjZ6cdlGr50+hrX/In3qbEPcZCPaeYg9mfLZbOQwX1Q5ulCLDpsWk5KqSBVKFbT9
0/aPHWdyJ7rH6cmLfS6NSDG3XCElRI8olOz9SZD3huczsUgvhkG+spZQtYEV5nxv
MHKtcjs/1qWDwDcorDWjaiMq9UHn+BaxXdvspiEjY4z4FdGo/4vD+SZiEzKdyIuP
sWS/hH/zguN3sFS+4TYm
=c5bO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 478-1] squid3 security update
Next by Date: [SECURITY] [DLA 477-1] librsvg security update
Previous by thread: [SECURITY] [DLA 478-1] squid3 security update
Next by thread: [SECURITY] [DLA 477-1] librsvg security update
Index(es):
- Date
- Thread