Package : libidn Version : 1.25-2+deb7u2 CVE ID : CVE-2015-8948 CVE-2016-6261 CVE-2016-6263 Multiple vulnerabilities have been discovered in libidn. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8948 When idn is reading one zero byte as input an out-of-bounds-read occurred. CVE-2016-6261 An out-of-bounds stack read is exploitable in idna_to_ascii_4i. CVE-2016-6263 stringprep_utf8_nfkc_normalize reject invalid UTF-8, causes a crash. For Debian 7 "Wheezy", these problems have been fixed in version 1.25-2+deb7u2. We recommend that you upgrade your libidn packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature