Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#45861 - [libidn] [lib32-libidn] CVE-2015-2059 - Out-of-bounds read with stringprep on invalid UTF-8
Attached to Project:
Arch Linux
Opened by Damyan Dimitrov (damyan) - Saturday, 01 August 2015, 09:37 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 02 August 2015, 12:24 GMT
Opened by Damyan Dimitrov (damyan) - Saturday, 01 August 2015, 09:37 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 02 August 2015, 12:24 GMT
|
DetailsA security issue have been found in libidn <= 1.30 and there is a fix in the new upstream release 1.31 [1].
[1] http://lwn.net/Alerts/651749/ |
This task depends upon
Closed by Felix Yan (felixonmars)
Sunday, 02 August 2015, 12:24 GMT
Reason for closing: Fixed
Additional comments about closing: libidn/lib32-libidn 1.32-1 in [testing]/[multilib-testing].
Sunday, 02 August 2015, 12:24 GMT
Reason for closing: Fixed
Additional comments about closing: libidn/lib32-libidn 1.32-1 in [testing]/[multilib-testing].
Comment by Paul Bredbury (brebs) -
Sunday, 02 August 2015, 10:11 GMT
libidn 1.32 is the latest version - http://ftp.gnu.org/gnu/libidn/