Debian Security Advisory
DLA-2883-1 -- LTS security update
- Date Reported:
- 25 Jan 2022
- Security database references:
- In Mitre's CVE dictionary: CVE-2021-46141, CVE-2021-46142.
- More information:
It was discovered that there were two "invalid free" issues in uriparser, a C library for parsing URLs according to RFC 3986.
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
For Debian 9
Stretch, these problems have been fixed in version 0.8.4-1+deb9u3.
We recommend that you upgrade your packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS