[Secure-testing-commits] r43328 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Jul 21 04:44:22 UTC 2016


Author: carnil
Date: 2016-07-21 04:44:21 +0000 (Thu, 21 Jul 2016)
New Revision: 43328

Modified:
   data/CVE/list
Log:
Add three libidn issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-21 04:38:44 UTC (rev 43327)
+++ data/CVE/list	2016-07-21 04:44:21 UTC (rev 43328)
@@ -1,3 +1,21 @@
+CVE-2016-XXXX [stringprep_utf8_nfkc_normalize reject invalid UTF-8]
+	- libidn <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
+	NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/20/6
+CVE-2016-XXXX [Solve out-of-bounds-read when reading one zero byte as input]
+	- libidn <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
+	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
+	NOTE: Follow-up fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/20/6
+CVE-2016-XXXX [out-of-bounds stack read in idna_to_ascii_4i]
+	- libidn <unfixed>
+	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
+	NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c
+	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
+	NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/20/6
 CVE-2016-6249
 	RESERVED
 CVE-2016-1000030
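Review bot: The bracketed description of the second added entry, "Solve out-of-bounds-read when reading one zero byte as input", is a commit subject in the imperative rather than a description of the flaw, and unlike the third entry (idna_to_ascii_4i) it does not name the affected function or tool. Rewording it as an issue description and adding the affected component would make it consistent with its neighbours. The first entry has the same shape: "stringprep_utf8_nfkc_normalize reject invalid UTF-8" states what the fix does, not what goes wrong on invalid UTF-8. All three CVE-2016-XXXX placeholders carry identical help-libidn and oss-security NOTE URLs, so the Fix/Test commit ids are the only lines that tell them apart. When the ids are assigned, each entry should be matched against those commit ids rather than against its position in the list.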



