Bug#942895: marked as done (CVE-2019-18224)

help-libidn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#942895: marked as done (CVE-2019-18224)

From:	Debian Bug Tracking System
Subject:	Bug#942895: marked as done (CVE-2019-18224)
Date:	Sun, 02 Feb 2020 13:51:07 +0000

Your message dated Sun, 02 Feb 2020 13:47:08 +0000
with message-id <address@hidden>
and subject line Bug#942895: fixed in libidn2 2.0.5-1+deb10u1
has caused the Debian Bug report #942895,
regarding CVE-2019-18224
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact address@hidden
immediately.)


-- 
942895: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942895
Debian Bug Tracking System
Contact address@hidden with problems

--- Begin Message --- Subject: CVE-2019-18224 Date: Tue, 22 Oct 2019 23:37:11 +0200

Source: libidn2
Severity: grave
Tags: security

This was assigned CVE-2019-18224: 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420

Patch: 
https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c

Cheers,
        Moritz

--- End Message ---

--- Begin Message --- Subject: Bug#942895: fixed in libidn2 2.0.5-1+deb10u1 Date: Sun, 02 Feb 2020 13:47:08 +0000

Source: libidn2
Source-Version: 2.0.5-1+deb10u1

We believe that the bug you reported is fixed in the latest version of
libidn2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to address@hidden,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <address@hidden> (supplier of updated libidn2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing address@hidden)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2020 23:15:38 +0100
Source: libidn2
Architecture: source
Version: 2.0.5-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Libidn team <address@hidden>
Changed-By: Salvatore Bonaccorso <address@hidden>
Closes: 942895 949705
Changes:
 libidn2 (2.0.5-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix free of random (stack) value in idn2_to_ascii_4i()
   * idn2_to_ascii_4i(): Restrict output length to 63 (CVE-2019-18224)
     (Closes: #942895)
   * Fail make if 'ronn' doesn't exist when building docs
   * Fix generation of idn2.1 man page file
   * Move texinfo from Build-Depends-Indep to Build-Depends (Closes: #949705)
Checksums-Sha1: 
 bded069a9cfc83faeead5a1b817cc22668bdf898 2501 libidn2_2.0.5-1+deb10u1.dsc
 91a5122511f87aaaa3f1b700f23c487aaf0dbd9e 2091929 libidn2_2.0.5.orig.tar.gz
 40e6d1b1a8e25ae4f799703087d1ac4cd44b3f97 10286540 
libidn2_2.0.5-1+deb10u1.debian.tar.xz
Checksums-Sha256: 
 6c4eac5dc85983e4cf37ee8deea5e23cfb9e1620f7a94a858726676c8858b498 2501 
libidn2_2.0.5-1+deb10u1.dsc
 53f69170886f1fa6fa5b332439c7a77a7d22626a82ef17e2c1224858bb4ca2b8 2091929 
libidn2_2.0.5.orig.tar.gz
 37cfdc06e4e2f03e932af5bb309cbe94f8466f8b347aa34fa7c1e03a425556b2 10286540 
libidn2_2.0.5-1+deb10u1.debian.tar.xz
Files: 
 b29eb22f7dd8e80e73f2ca7b32225f27 2501 libs optional libidn2_2.0.5-1+deb10u1.dsc
 eaf9a5b9d03b0cce3760f34b3124eb36 2091929 libs optional 
libidn2_2.0.5.orig.tar.gz
 e9a6a022a92476fcb233d8c0a3cd245f 10286540 libs optional 
libidn2_2.0.5-1+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl4zWldfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E58AQAKAC9d15tIIlnGUs+LnZCqex5l1N8L3j
GXQqtiQziTC3fW4S/v/EkuqluL3QJvZL3Of9qhZ6hwsHL1JGgeqydwoRrcBvDXRQ
aL0YTC8Jv6+zvIgOZ7oRaC+dx5vIi73uZ8bS8p01JHqKrm2oFxYTGosgHL56bUfp
9XItBi8kOtPiGOMkVfU2vajgFKWmnAvj/acy2yVWLqtGnPCWH5Up6/CnKJOSb02p
CxU73zPe/qQBz0NUY+6zgwFdYTBdMR4BC9+GJ6/aKI8YVoad72L/nh8aEooQltRU
GPOP31MAVgWI0WyDmvwYIa0koEj7OCvcZQbQo214/yBXVLeiHDutuZCtZGZlu3J9
CF7N4b3Cnl3WIGhaut5Vd7Ha3BYRypZY8niAQXf+ks1mTfc+jHdHDvF8HhkDMtVy
H5QFDT6ZsVXAvvo9l5DUHLRL++E/Uc8c0cP/XvAzsmtAFfPpVSGawLERbzaaI/N7
j73DPWryJDo0TU/FCLL++Om5ps1DIWPR1x0LIxPqCoI7h1/84n3/gxSY0QhCkBtY
GIYhwSzL8WXu8EC7PLsyIrAZvXtwLApw3Am9b+nleaPS33TcuZdxVDWtjAcfuw7U
1T8NQYYE4Ui0Yov+XGTAOXTukfyVlZMzcN73zHsKWVL1Lu+cH7jIJ5qLL++yse4g
AktOoMwIE6oM
=cHeG
-----END PGP SIGNATURE-----

--- End Message ---

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#942895: marked as done (CVE-2019-18224), Debian Bug Tracking System <=

Prev by Date: libidn2_2.0.5-1+deb10u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by Date: Bug#949705: marked as done (libidn2: binary-arch target depends on makeinfo (but texinfo is in Build-Depends-Indep))
Previous by thread: libidn2_2.0.5-1+deb10u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by thread: Bug#949705: marked as done (libidn2: binary-arch target depends on makeinfo (but texinfo is in Build-Depends-Indep))
Index(es):
- Date
- Thread