Debian Security Advisory
DLA-291-1 libidn -- LTS security update
- Date Reported:
- 16 Aug 2015
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
Adam Sampson found a vulnerability in GNU Libidn, library that implements the IETF IDN specifications. Libdin incorrectly handled invalid UTF-8 input, causing it to bad free(). This issue was introduced by the fix for CVE-2015-2059.
For Debian 6
Squeeze, this issue has been fixed in the 1.15-2+deb6u2 version of libidn.