Debian Security Advisory

DLA-291-1 libidn -- LTS security update

Date Reported:
16 Aug 2015
Affected Packages:
libidn
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

Adam Sampson found a vulnerability in GNU Libidn, library that implements the IETF IDN specifications. Libdin incorrectly handled invalid UTF-8 input, causing it to bad free(). This issue was introduced by the fix for CVE-2015-2059.

For Debian 6 Squeeze, this issue has been fixed in the 1.15-2+deb6u2 version of libidn.