libidn 1.23-2ubuntu0.1 source package in Ubuntu

Changelog

libidn (1.23-2ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read when reading one zero byte
    - debian/patches/CVE-2015-8948.patch: use getline instead of fgets with
      fixed-size buffer in gl/Makefile.am, gl/getdelim.c, gl/getline.c,
      gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gnulib-cache.m4,
      gl/m4/gnulib-comp.m4, gl/m4/realloc.m4, gl/realloc.c, gl/stdint.in.h,
      gl/stdlib.in.h, gltests/Makefile.am, gltests/test-getdelim.c,
      gltests/test-getline.c, src/idn.c.
    - debian/patches/CVE-2016-6262.patch: add extra check in src/idn.c.
    - CVE-2015-8948
    - CVE-2016-6262
  * SECURITY UPDATE: out-of-bounds stack read in idna_to_ascii_4i
    - debian/patches/CVE-2016-6261-1.patch: fix out of bounds read in
      lib/idna.c.
    - debian/patches/CVE-2016-6261-2.patch: fix memory leak in lib/idna.c.
    - debian/patches/CVE-2016-6261-3.patch: add test to tests/Makefile.am,
      tests/tst_toascii64oob.c.
    - CVE-2016-6261
  * SECURITY UPDATE: invalid UTF-8 DoS in stringprep_utf8_nfkc_normalize
    - debian/patches/CVE-2016-6263.patch: reject invalid UTF-8 in
      lib/nfkc.c, tests/Makefile.am, tests/tst_badutf8nfkc.c.
    - CVE-2016-6263
  * debian/rules: build with dh-autoreconf.
  * debian/control: added dh-autoreconf and autopoint to Build-Depends.
  * debian/patches/fix_broken_test.patch: fix broken encoding in test.

 -- Marc Deslauriers <email address hidden>  Tue, 23 Aug 2016 14:32:46 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2016-08-23
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates on 2016-08-24 main libs
Precise security on 2016-08-24 main libs

Downloads

File Size SHA-256 Checksum
libidn_1.23.orig.tar.gz 3.3 MiB 25b42d75851ebae52e1c969353b74eefd3d6817f41c8d2a6db258f5ec60c5e6a
libidn_1.23-2ubuntu0.1.debian.tar.gz 37.3 KiB c451baac7a6271574c92315e7543a38668e075a366b85752e3698509309f3549
libidn_1.23-2ubuntu0.1.dsc 2.2 KiB 6b5fe02b7a6d76e99be6bff8e9319bcfe474ec5216bb8959e27e5a1bf76fde37

View changes file

Binary packages built by this source

idn: Command line and Emacs interface to GNU Libidn

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the idn command-line tool and its Emacs lisp
 interface.

idn-dbgsym: debug symbols for package idn

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the idn command-line tool and its Emacs lisp
 interface.

libidn11: GNU Libidn library, implementation of IETF IDN specifications

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the shared library.

libidn11-dbgsym: debug symbols for package libidn11

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the shared library.

libidn11-dev: Development files for GNU Libidn, an IDN library

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the header files, static library, pkg-config
 information, API man pages, and the Libidn manual.

libidn11-java: Java port of the GNU Libidn library, an IDN implementation

 GNU Libidn is an implementation of the Stringprep, Punycode and IDNA
 specifications defined by the IETF Internationalized Domain Names
 (IDN) working group, used for internationalized domain names.
 Currently the Nameprep, Kerberos 5 and XMPP Stringprep profiles are
 supported.
 .
 This package contains the native Java port of the library.