help-libidn

From: Debian Bug Tracking System
Subject: Bug#873902: marked as done (libidn2-0: CVE-2017-14062: integer overflow in decode_digit)
Date: Sun, 08 Oct 2017 11:36:18 +0000

Your message dated Sun, 08 Oct 2017 11:33:58 +0000
with message-id <address@hidden>
and subject line Bug#873902: fixed in libidn2-0 0.10-2+deb8u1
has caused the Debian Bug report #873902,
regarding libidn2-0: CVE-2017-14062: integer overflow in decode_digit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact address@hidden
immediately.)


-- 
873902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873902
Debian Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: libidn2-0: CVE-2017-14062: integer overflow in decode_digit
Date: Fri, 01 Sep 2017 06:52:53 +0200

Source: libidn2-0
Version: 0.10-2
Severity: important
Tags: upstream security patch

Hi,

the following vulnerability was published for libidn2-0.

CVE-2017-14062[0]:
| Integer overflow in the decode_digit function in puny_decode.c in
| Libidn2 before 2.0.4 allows remote attackers to cause a denial of
| service or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14062
[1] https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Subject: Bug#873902: fixed in libidn2-0 0.10-2+deb8u1
Date: Sun, 08 Oct 2017 11:33:58 +0000

Source: libidn2-0
Source-Version: 0.10-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libidn2-0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to address@hidden,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <address@hidden> (supplier of updated libidn2-0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing address@hidden)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Sep 2017 11:05:35 +0200
Source: libidn2-0
Binary: libidn2-0 libidn2-0-dev libidn2-0-dbg idn2
Architecture: source amd64
Version: 0.10-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <address@hidden>
Changed-By: Ondřej Surý <address@hidden>
Description:
 idn2       - Internationalized domain names (IDNA2008) command line tool
 libidn2-0  - Internationalized domain names (IDNA2008) library
 libidn2-0-dbg - Internationalized domain names (IDNA2008) debug symbols
 libidn2-0-dev - Internationalized domain names (IDNA2008) development files
Closes: 873902
Changes:
 libidn2-0 (0.10-2+deb8u1) jessie-security; urgency=high
 .
   * CVE-2017-14062: Fix integer overflow in decode_digit (Closes: #873902)
   * Add myself to Uploaders:
   * Update d/gbp.conf for jessie updates

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
