libidn 1.32-3ubuntu1.1 source package in Ubuntu

Changelog

libidn (1.32-3ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read when reading one zero byte
    - debian/patches/CVE-2015-8948.patch: use getline instead of fgets with
      fixed-size buffer in gl/Makefile.am, gl/getdelim.c, gl/getline.c,
      gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gnulib-cache.m4,
      gl/m4/gnulib-comp.m4, gl/m4/realloc.m4, gl/realloc.c, gl/stdint.in.h,
      gl/stdlib.in.h, gltests/Makefile.am, gltests/test-getdelim.c,
      gltests/test-getline.c, src/idn.c.
    - debian/patches/CVE-2016-6262.patch: add extra check in src/idn.c.
    - CVE-2015-8948
    - CVE-2016-6262
  * SECURITY UPDATE: out-of-bounds stack read in idna_to_ascii_4i
    - debian/patches/CVE-2016-6261-1.patch: fix out of bounds read in
      lib/idna.c.
    - debian/patches/CVE-2016-6261-2.patch: fix memory leak in lib/idna.c.
    - debian/patches/CVE-2016-6261-3.patch: add test to tests/Makefile.am,
      tests/tst_toascii64oob.c.
    - CVE-2016-6261
  * SECURITY UPDATE: invalid UTF-8 DoS in stringprep_utf8_nfkc_normalize
    - debian/patches/CVE-2016-6263.patch: reject invalid UTF-8 in
      lib/nfkc.c, tests/Makefile.am, tests/tst_badutf8nfkc.c.
    - CVE-2016-6263
  * Fix FTBFS caused by docs regeneration
    - debian/patches/fix_gdoc_path.patch: fix path to gdoc location.
    - debian/control: added help2man and texinfo to Build-Depends.

 -- Marc Deslauriers <email address hidden>  Mon, 22 Aug 2016 14:13:11 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2016-08-23
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libidn_1.32.orig.tar.gz 3.3 MiB ba5d5afee2beff703a34ee094668da5c6ea5afa38784cebba8924105e185c4f5
libidn_1.32-3ubuntu1.1.debian.tar.xz 82.4 KiB ca711a3ee56c3bf4f603429bbfcda842c1c60f6e95051a0c777f65a62a84d9a5
libidn_1.32-3ubuntu1.1.dsc 2.2 KiB ae2e99369cbf63ecf269b07ab14987354a979e89c5cd86e22db514dd0984c1d4

View changes file

Binary packages built by this source

idn: Command line and Emacs interface to GNU Libidn

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the idn command-line tool and its Emacs lisp
 interface.

idn-dbgsym: debug symbols for package idn

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the idn command-line tool and its Emacs lisp
 interface.

libidn11: GNU Libidn library, implementation of IETF IDN specifications

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the shared library.

libidn11-dbgsym: debug symbols for package libidn11

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the shared library.

libidn11-dev: Development files for GNU Libidn, an IDN library

 GNU Libidn is a fully documented implementation of the Stringprep,
 Punycode and IDNA specifications. Libidn's purpose is to encode and
 decode internationalized domain names. The Nameprep, XMPP, SASLprep,
 and iSCSI profiles are supported.
 .
 This package contains the header files, static library, pkg-config
 information, API man pages, and the Libidn manual.

libidn11-java: Java port of the GNU Libidn library, an IDN implementation

 GNU Libidn is an implementation of the Stringprep, Punycode and IDNA
 specifications defined by the IETF Internationalized Domain Names
 (IDN) working group, used for internationalized domain names.
 Currently the Nameprep, Kerberos 5 and XMPP Stringprep profiles are
 supported.
 .
 This package contains the native Java port of the library.