Re: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input

To: Patrick Schleizer <adrelanos@riseup.net>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>, security@debian.org, ghedo@debian.org, Whonix-devel <whonix-devel@whonix.org>
Subject: Re: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
From: francois@avalenn.eu
Date: Thu, 2 Jul 2015 14:03:12 +0200
Message-id: <[🔎] 20150702120312.GB8358@fjo-extia-HPdeb.nsn-net.net>
In-reply-to: <[🔎] 55944BBD.4050707@riseup.net>
References: <[🔎] 55944BBD.4050707@riseup.net>

On Wed, Jul 01, 2015 at 08:21:17PM +0000, Patrick Schleizer wrote:
> Are you aware of this already?
> 
> [SECURITY NOTICE] libidn with bad UTF8 input
> 
> http://curl.haxx.se/mail/lib-2015-06/0143.html

Out of curiosity, is it related to
https://security-tracker.debian.org/tracker/CVE-2015-2059 ?

I find the answer to this ticket a bit concise. Indeed it can be
considered as a non-important vulnerability on libidn but it seems to
me that it can trigger several more important in reverse-depends (as
it seems to be the case for curl).

François.

Reply to:

References:
- curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
  - From: Patrick Schleizer <adrelanos@riseup.net>

Prev by Date: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
Next by Date: Re: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
Previous by thread: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
Next by thread: Re: curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input
Index(es):
- Date
- Thread