931259 – (CVE-2024-34402, CVE-2024-34403) <dev-libs/uriparser-0.9.8: multiple vulnerabilities

Bug 931259 (CVE-2024-34402, CVE-2024-34403) - <dev-libs/uriparser-0.9.8: multiple vulnerabilities

Summary: <dev-libs/uriparser-0.9.8: multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	CVE-2024-34402, CVE-2024-34403

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Sebastian Pipping

URL:
Whiteboard:
Keywords:

Depends on:	931260
Blocks:
	Show dependency tree

Reported:	2024-05-05 17:23 UTC by Sebastian Pipping
Modified:	2024-05-05 17:32 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Pipping gentoo-dev

2024-05-05 17:23:50 UTC

- https://github.com/uriparser/uriparser/issues/183
- https://github.com/uriparser/uriparser/pull/185
- https://github.com/uriparser/uriparser/pull/186

Bump to 0.9.8 upcoming in a minute…

Comment 1 Larry the Git Cow gentoo-dev

2024-05-05 17:24:44 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08a036381b2e8d6ffeba7bc6a3ef269ba45de9e4

commit 08a036381b2e8d6ffeba7bc6a3ef269ba45de9e4
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2024-05-05 17:19:12 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2024-05-05 17:24:19 +0000

    dev-libs/uriparser: 0.9.8 with security fixes
    
    Bug: https://bugs.gentoo.org/931259
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>

 dev-libs/uriparser/Manifest               |  1 +
 dev-libs/uriparser/uriparser-0.9.8.ebuild | 57 +++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)