[3.4] libidn: Multiple security issues (CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261)
CVE-2016-6263: Crash when given invalid UTF-8 data on input
CVE-2015-8948: Out-of-bounds read due to use of fgets with fixed-size buffer
CVE-2016-6262: Out-of-bounds read when reading zero byte as input
CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i
Fixed In Version:
libidn 1.33
References and patches:
http://seclists.org/oss-sec/2016/q3/124
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
(from redmine: issue id 5966, created on 2016-07-26, closed on 2016-08-09)
- Relations:
  - parent #5964 (closed)
- Changesets:
  - Revision ffe337c3 on 2016-08-05T12:15:20Z:
main/libidn: security upgrade to 1.33. Fixes #5966
(CVE-2016-6263, CVE-2015-8948, CVE-2016-6262, CVE-2016-6261)
(cherry picked from commit 87698baa9ec19d0554e5233954b6f266efe8b5cd)