[Secure-testing-team] Bug#873904: libidn2-0: CVE-2017-14061: integer overflow in _isBidi function
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 1 05:08:00 UTC 2017
Source: libidn2-0
Version: 2.0.2-3
Severity: important
Tags: upstream security patch
Hi,
the following vulnerability was published for libidn2-0, please
double-check.
CVE-2017-14061[0]:
| Integer overflow in the _isBidi function in bidi.c in Libidn2 before
| 2.0.4 allows remote attackers to cause a denial of service or possibly
| have unspecified other impact.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14061
[1] https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
Please adjust the affected versions in the BTS as needed, not sure
about older versions than the one in testing/unstable.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list