Accepted libidn 1.25-2+deb7u2 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 28 Jul 2016 16:11:26 -0300
Source: libidn
Binary: idn libidn11-dev libidn11 libidn11-java
Architecture: source amd64 all
Version: 1.25-2+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Libidn Team <help-libidn@gnu.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Description:
idn - Command line and Emacs interface to GNU Libidn
libidn11 - GNU Libidn library, implementation of IETF IDN specifications
libidn11-dev - Development files for GNU Libidn, an IDN library
libidn11-java - Java port of the GNU Libidn library, an IDN implementation
Changes:
libidn (1.25-2+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-6263, stringprep_utf8_nfkc_normalize reject invalid UTF-8.
It was always documented to only accept UTF-8 data, but now it doesn't
crash when presented with such data. Reported by Hanno Böck.
* Fix CVE-2016-6261, fix out-of-bounds stack read in idna_to_ascii_4i.
See tests/tst_toascii64oob.c for regression check (and the comment in
it how to use it). Reported by Hanno Böck.
* Fix CVE-2015-8948, solve out-of-bounds-read when reading one zero byte as
input. Also replaced fgets with getline. Reported by Hanno Böck.
Checksums-Sha1:
bd841af0e962df246e9c83309f6737c4053e8e97 2181 libidn_1.25-2+deb7u2.dsc
7a8a0b179db4f16aefdab804934ebcfe1b89797d 31241 libidn_1.25-2+deb7u2.debian.tar.gz
0a787bc3d83478a45872278bce3c1c8a9f0b5037 131566 idn_1.25-2+deb7u2_amd64.deb
e51fd81005e6cffdc3cec7f273e92e8ca61fcf24 666882 libidn11-dev_1.25-2+deb7u2_amd64.deb
bba2210d81681c8ef83becaf8d50cc5e086ffb3e 179674 libidn11_1.25-2+deb7u2_amd64.deb
11fd4ae81f6cf7ee3959041c6478bcc4bde0f111 281532 libidn11-java_1.25-2+deb7u2_all.deb
Checksums-Sha256:
32a0233e9ccae9894b07e7c0015488af41f53c76404876645f2a119048236150 2181 libidn_1.25-2+deb7u2.dsc
7d87c19a4b9307b8189b97d3d5922fbb392a669d3d92e9d528fcf976fb6f54b4 31241 libidn_1.25-2+deb7u2.debian.tar.gz
b8b5a3792845297374886531c2284c06298f35713049d592387db595974c2bc2 131566 idn_1.25-2+deb7u2_amd64.deb
a25772898fc6e232bc0cd98a98e29a7e895e00e61251e2e764043c84f77946a2 666882 libidn11-dev_1.25-2+deb7u2_amd64.deb
62abf7bcf12ed0a5b9888ffbf2ddb95780d762f00f073b1d1b76a17e5baad87b 179674 libidn11_1.25-2+deb7u2_amd64.deb
94dd800fc232f9a6c230b58f938a2dc15602cfe784e1cbf083a3f7f74000f8a9 281532 libidn11-java_1.25-2+deb7u2_all.deb
Files:
0186bc7c8cab59ebe8cd9ff43d60ae3f 2181 libs optional libidn_1.25-2+deb7u2.dsc
bf06fac1f0d0206b62463387c8bd6de6 31241 libs optional libidn_1.25-2+deb7u2.debian.tar.gz
5c136eb7a355b9b330bfba3ad0dedcf9 131566 misc optional idn_1.25-2+deb7u2_amd64.deb
9b1625f38ea4d5680aecde6a34a73262 666882 libdevel optional libidn11-dev_1.25-2+deb7u2_amd64.deb
2f2190547d27293997376d45bfd6a313 179674 libs standard libidn11_1.25-2+deb7u2_amd64.deb
c1e536f862965fda25a460d9b7419f70 281532 java optional libidn11-java_1.25-2+deb7u2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJXoLBrAAoJEPgjonKYg8l8na0QAJ9GvcNZCj/NJWWMeh1JO2IJ
54H0SNMZZM6Ra8iKHeuVduTFM3j7fqSgY5OVwqSTM7wtKoYe+/1FbL+ttD2GW7Fl
FMtXugDM0cvibxFNneOdVSJjTk22FHRO0x5KboQNcg0/gT0//iVY2eQMSCa9KQLz
8TMCcSI7ZhW2O6DOcTKYyTUwVkBTcKk1WxQ8R9/rNZD5weL5g5XqhWN24WhTKeBm
du7l9/HVb9+13wSLZsrLeQZ5sVi1OwpAIXt0uICvdOe2Wi0b9w9wtVifKOkoL0Lm
v3pjbkPOsNVW9C2q6a7NXfo6/BPks8kfwUFTFU4xDeyqvymZU+R7mmmWS1DdIYFE
4JEip+1XMP7aLFGE8wLdD0ugpgw5xLcos8aMnP7wahDLKMdFLtv7mecxTA9bSv9r
NuYpD8/SRmQnWoOQ4zMIThRg4u0XiM97lCqRDRi/PV8qZ6+qtAJ/iOFehOGLW4y4
h1JK3IpXvIRk+Um99YkOU6o1jAsl2qx+bjIhnW7p/8uxN8OOmavPxBVlxEZhRuRb
N+tYrWK1+nHMuTUJx2TVFxsCBG6jASdRZhh87/5DSMtRF/uaMzkO/sekhLluJ5G6
pgmAbYU2M91yQggYg0n9XDr5cdE02okuQ+NNK9lOH9mEVe8zs0ijiOpj2d4qPXvc
Td9djbdyy+iyjAWh/hBN
=MOkw
-----END PGP SIGNATURE-----