[3.2] libidn: out-of-bounds read with stringprep on invalid UTF-8 (CVE-2015-2059)
An out-of-bounds read flaw was found in libidn, which could potentially
allow an attacker to disclose sensitive information from an application
using the libidn library.
Fixed In Version:
libidn 1.31
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2059
http://seclists.org/oss-sec/2015/q1/672
Patch:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
(from redmine: issue id 5586, created on 2016-05-17, closed on 2016-06-23)
- Relations:
  - parent #5584 (closed)
- Changesets:
  - Revision 5bafcce1 on 2016-06-21T09:00:58Z:
    main/libidn: security upgrade to 1.31 (CVE-2015-2059). Fixes #5586