[SECURITY] [DLA 1084-1] libidn security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1084-1] libidn security update
From: Chris Lamb <lamby@debian.org>
Date: Sat, 02 Sep 2017 22:41:37 +0100
Message-id: <[🔎] 1504388497.3726684.1093385152.3B96E4E0@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libidn
Version        : 1.25-2+deb7u3
CVE ID         : CVE-2017-14062
Debian Bug     : #873903

It was discovered that there was an integer overflow vulnerability in
libidn's Punycode handling (an encoding used to convert Unicode characters
to ASCII) which would have allowed remote attackers to cause a denial of
service.

For Debian 7 "Wheezy", this issue has been fixed in libidn version
1.25-2+deb7u3.

We recommend that you upgrade your libidn packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmrJYkACgkQHpU+J9Qx
Hli84RAAvTEYEXb3QOTLpizhFCNT9vGDw5VIj6rqUlYJ4GeeNbmW6mSkwlxUMNS/
BEcvRn72L08vNbzyqYuALksa2ix8qYkqoiABVmAPYlrgIm9lKPXMSumq7IHeLKEF
uVdgBx6oBTQYlLKqycY398yZ1ORgtPhiqRUc8b1R1rvwBELKg5Y6HNTNWANA9ue0
qkXeM1SjHZjxDSer3bgDgjaVGBNbmZuL57/Ig4D0QS14LUf2a0dri76iZSepgyK5
QU96dk+ZybGOzSA7x+ClnsRZq7sXOx+3isirbBAD6LwxIYg/xBmD5JE3Aebe2vrB
igfxwq8XE+44iKiwMK6p0M3nmZPo7uXvv/xCwr2/+nWw2hoSXCxnel1Nt4pAnL7p
UWpfT1RGkWZ4ucV6qMLjHZxnR+eagMWV2cvgMPJqRdTj5pstOvAF/Gtsf/pZ7BXZ
7uttHoh/Z5FgeEoH4a9Dtta0R+USRcfjxbB25godL3ixSUtF9OdMdpvIip/gAxtn
rWr5xl1NvD60Rk2scICtcCD9SaVsblL2jG3KMWXd4Kf8+0IPSPFgtOq1QRE3Qxl8
rOpn0KxPIyi8P3xVL3Lvza49lglkChk3O065qXNzD7Gg78idjEv/8eAPJAWuOfg9
nLNEa8INePUNDJ/4QcXCiusOo+G4sp8+e4SRmbGK1kHVWdCK0NY=
=O+Y8
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 1085-1] libidn2-0 security update
Next by thread: [SECURITY] [DLA 1085-1] libidn2-0 security update
Index(es):
- Date
- Thread