Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655668 - <net-dns/libidn-1.34: Multiple vulnerabilities
Summary: <net-dns/libidn-1.34: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-13 16:22 UTC by Jeroen Roovers (RETIRED)
Modified: 2020-03-28 20:02 UTC (History)
1 user (show)

See Also:
Package list:
=net-dns/libidn-1.35
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2018-05-13 16:22:59 UTC 
Libidn NEWS -- History of user-visible changes.                 -*- outline -*-
Copyright (C) 2002-2018 Simon Josefsson
See the end for copying conditions.

* Version 1.35 (2018-05-11)

** Reflect ABI/API breakage in version 1.34
   (Stringprep_profile has a new struct member)
   Reported-by: Miroslav Lichvar

** Added new gnulib files to repository

** Fix build issues introduced in 1.34

**
* Version 1.34 (2018-03-31)

** libidn: Fix integer overflow in combine_hangul()
   Found by fuzzing.

** libidn: Fix integer overflow in punycode decoder
   Found by fuzzing, fix for the fix reported by Christian Weisgerber

** libidn: Fix performance issue in idna_to_unicode_internal()
   Found by fuzzing.

** libidn: Fix performance issue in stringprep functions.
   Found by fuzzing.

** libidn: Fix NULL pointer dereference in g_utf8_normalize()
   Found by fuzzing.

** libidn: Fix NULL pointer dereference in stringprep_ucs4_nfkc_normalize()
   Found by fuzzing.

** libidn: Increase performance of stringprep functions
   Found by fuzzing.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2018-05-13 16:23:57 UTC 
Arch teams, please test and mark stable:
=net-dns/libidn-1.35
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
 * Arches to go stable: - 9 -
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-13 22:08:39 UTC 
x86 stable
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-05-13 23:44:53 UTC 
amd64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-05-14 19:17:41 UTC 
commit 7f4923facf9ca4a807d43513b63ae6dae1934158
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Mon May 14 11:50:29 2018 +0200

    net-dns/libidn: Stable for HPPA too.
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-05-14 21:20:38 UTC 
Stable on alpha.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-15 19:54:18 UTC 
arm stable
Comment 7 Larry the Git Cow gentoo-dev 2018-05-16 21:19:18 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eecb129bc75fbc02706eb42afadf1e7c831ffb62

commit eecb129bc75fbc02706eb42afadf1e7c831ffb62
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-16 21:17:29 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-16 21:19:11 +0000

    net-dns/libidn: stable 1.35 for ia64, bug #655668
    
    Bug: https://bugs.gentoo.org/655668
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 net-dns/libidn/libidn-1.35.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Larry the Git Cow gentoo-dev 2018-05-19 09:26:11 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1f3b045e9f35ebb23ffd9bf4b8b4a0cec5b3126

commit a1f3b045e9f35ebb23ffd9bf4b8b4a0cec5b3126
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-05-19 08:20:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-19 09:25:54 +0000

    net-dns/libidn: stable 1.35 for sparc
    
    Bug: https://bugs.gentoo.org/655668
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 net-dns/libidn/libidn-1.35.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 9 Matt Turner gentoo-dev 2018-05-25 04:12:57 UTC 
ppc/ppc64 stable
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2018-05-25 12:50:32 UTC 
missing arch...
Comment 11 Mart Raudsepp gentoo-dev 2018-05-26 10:08:22 UTC 
arm64 stable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2018-06-11 15:48:21 UTC 
@maintainer, can the 0 slot be cleaned?
Comment 13 Yury German Gentoo Infrastructure gentoo-dev 2019-03-11 02:26:38 UTC 
Following up on the question - @maintainer, can the 0 slot be cleaned?
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 20:02:30 UTC 
(In reply to Yury German from comment #13)
> Following up on the question - @maintainer, can the 0 slot be cleaned?

Tree now clean.