[SECURITY] [DLA 2834-1] uriparser security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2834-1] uriparser security update
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 1 Dec 2021 01:31:17 +0200
Message-id: <[🔎] 20211130233117.GA21291@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2834-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 30, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : uriparser
Version        : 0.8.4-1+deb9u2
CVE ID         : CVE-2018-20721

Out-of-bounds read for an incomplete URI with an IPv6 address containing 
an embedded IPv4 address has been fixed in uriparser, a library to parse 
Uniform Resource Identifiers (URIs).

For Debian 9 stretch, this problem has been fixed in version
0.8.4-1+deb9u2.

We recommend that you upgrade your uriparser packages.

For the detailed security status of uriparser please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/uriparser

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGmtEUACgkQiNJCh6LY
mLFaQw/8Dfsub+UELRyi0tgxDNvYapQndWI/fFK0TLYhaKWZfRI+lXDmlneJcmq5
ZjWn42rliO0t+yq3homx9CbinMhDPDaSANXep9GfDICTvf6XWJU1Ku6WQkSnPoDU
W+PLdLe7DQClOVPkNlgSwl2+6Gj99SQyl2u0+BnWchN/9I11DudfMYfyaBxlI5je
8lt4kBvv/QMwr9f/CqvQoovYwWGuv8kDGDxHhM8BJ/c7XJRWkLccDxsPpbAQ5/Y/
csFqlKGh5NAgF6/mPEgo+sv4TuJQfuxZoRlmZvhyWZ1fJ8q14HVFYqrEVAmJNMRT
s0hVg8K6rdcJbrnmGWNei+KKYTU8hXmSwrmaFyNNug7Fn3NzgoeXQ41ohl2VUkio
cM9ZNHzm5v6wka/LkSq9agtxyzdQrMTgXTvYawGjF121X7pyDYboyu0Ydheo2TEl
dvuMH0vJQdC3lQSH9jh3C0OqzJJ0xWWJZUiBC0W4dJy4TdBYT7ye6s8wPgEOmvOg
+/rZ8CX5HwPM+92DXTnkVhfX/GfVJj3fvWwrgSu0QMNeMF1zHiEI7Q2ie4ULtDgy
imqlYCpXjKKrJpuRiES/JkhcZf3pWluzhzlg9F7QP0dcBbewIjnMCqBFohum2BD4
v/VrsZsktda/l3ikQ5rzf0TEptFAdRsr4MMbFk6OR9pQR0iLjWE=
=AuK+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2833-1] rsync security update
Next by Date: [SECURITY] [DLA 2835-1] rsyslog security update
Previous by thread: [SECURITY] [DLA 2833-1] rsync security update
Next by thread: [SECURITY] [DLA 2835-1] rsyslog security update
Index(es):
- Date
- Thread