-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-3578-1 security (at) debian (dot) org [email concealed]http://ift.tt/1kZ5swi Alessandro GhediniMay 14, 2016 http://ift.tt/1S3Txy1- -------------------------------------------------------------------------Package : libidnCVE ID : CVE-2015-2059It was discovered that libidn, the GNU library for InternationalizedDomain Names (IDNs), did not correctly handle invalid UTF-8 input,causing an out-of-bounds read. This could allow attackers to disclosesensitive information from an application using the libidn library.For the stable distribution (jessie), this problem has been fixed inversion 1.29-1+deb8u1.For the testing distribution (stretch), this problem has been fixedin version 1.31-1.For the unstable distribution (sid), this problem has been fixed inversion 1.31-1.We recommend that you upgrade your libidn packages.Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://ift.tt/1kZ5swiMailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]-----BEGIN PGP SIGNATURE-----Version: GnuPG v2iQIcBAEBCgAGBQJXN2ZKAAoJEK+lG9bN5XPLT5EP/2IrKAzAYN79hccb4fUq898ySRh/4o7w8RUQh1cPRaHQnr7xVLoJA1Yj5nEG1HRzYCJf2/Bndm2RXcZ6rcso6YJEbpjERbuU5RVnH/jiNoi9+5yyN0WIPbZjBxaHgJvmiWplBxbqwLYmHCwlC+GuTq2ZGcysCK1yziJQ98/dzaZd6pkDXA9Cc86nyw5H4A6eJ1Du1oaX/KePVORL906jM2RkUclhGNeGnNhNU+itcb4BpTzpqmhqEwbPpBIS+9H+Ii672rCMkdeCyxYhGpa2dKudPVIYOLOxmROEPmVWIFpsECZ9zpNXv5+uoM5kZMS5u7F6OjendUIX4JXfmh0st04ocNuiTUeW8jX7PGHWS8/V4Yz7EP0agljbuvX7yEII76vtCqdp39qxUeASSucf50lMg2Wjq5CALq9+RLwtT38zzD+wAXvE0bfv6q4xmU+WF/4XUJDqKGZwVjzqg2Dy/USxntbzoIDn7dca/89FR/LURH1XfgaEdZy+0Cgzxs6S7htaKk3nIhp58aSJFJpTnB2shWEcG2C7v7JjTbAg5Zba2lBIoxvLBdbbPOOUSdvM1ZWvfr+pluftNLEF5xPVG8gPe/x2eaiaRqDellT2dLAW3XvHMU0Uwpos5InhP8jtAOS8CmgiE8Xdz9pvZsHLrKS/ZWFu2q86oREch0AQwMsM=dDeP-----END PGP SIGNATURE-----[ reply ]from SecurityFocus Vulnerabilities http://ift.tt/1WA3Xe9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3578-1 security (at) debian (dot) org [email concealed]
http://ift.tt/1kZ5swi Alessandro Ghedini
May 14, 2016 http://ift.tt/1S3Txy1
- ------------------------------------------------------------------------
-
Package : libidn
CVE ID : CVE-2015-2059
It was discovered that libidn, the GNU library for Internationalized
Domain Names (IDNs), did not correctly handle invalid UTF-8 input,
causing an out-of-bounds read. This could allow attackers to disclose
sensitive information from an application using the libidn library.
For the stable distribution (jessie), this problem has been fixed in
version 1.29-1+deb8u1.
For the testing distribution (stretch), this problem has been fixed
in version 1.31-1.
For the unstable distribution (sid), this problem has been fixed in
version 1.31-1.
We recommend that you upgrade your libidn packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://ift.tt/1kZ5swi
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJXN2ZKAAoJEK+lG9bN5XPLT5EP/2IrKAzAYN79hccb4fUq898y
SRh/4o7w8RUQh1cPRaHQnr7xVLoJA1Yj5nEG1HRzYCJf2/Bndm2RXcZ6rcso6YJE
bpjERbuU5RVnH/jiNoi9+5yyN0WIPbZjBxaHgJvmiWplBxbqwLYmHCwlC+GuTq2Z
GcysCK1yziJQ98/dzaZd6pkDXA9Cc86nyw5H4A6eJ1Du1oaX/KePVORL906jM2Rk
UclhGNeGnNhNU+itcb4BpTzpqmhqEwbPpBIS+9H+Ii672rCMkdeCyxYhGpa2dKud
PVIYOLOxmROEPmVWIFpsECZ9zpNXv5+uoM5kZMS5u7F6OjendUIX4JXfmh0st04o
cNuiTUeW8jX7PGHWS8/V4Yz7EP0agljbuvX7yEII76vtCqdp39qxUeASSucf50lM
g2Wjq5CALq9+RLwtT38zzD+wAXvE0bfv6q4xmU+WF/4XUJDqKGZwVjzqg2Dy/USx
ntbzoIDn7dca/89FR/LURH1XfgaEdZy+0Cgzxs6S7htaKk3nIhp58aSJFJpTnB2s
hWEcG2C7v7JjTbAg5Zba2lBIoxvLBdbbPOOUSdvM1ZWvfr+pluftNLEF5xPVG8gP
e/x2eaiaRqDellT2dLAW3XvHMU0Uwpos5InhP8jtAOS8CmgiE8Xdz9pvZsHLrKS/
ZWFu2q86oREch0AQwMsM
=dDeP
-----END PGP SIGNATURE-----
[ reply ]