oss-sec mailing list archives

Re: libuv 1.48.0 released, fixes CVE-2024-24806


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 11 Feb 2024 21:08:43 +0100

Hi,

On Thu, Feb 08, 2024 at 12:15:23PM -0800, Alan Coopersmith wrote:
> https://github.com/libuv/libuv/releases/tag/v1.48.0 shows the release
> yesterday of stable release 1.48.0, including a fix for CVE-2024-24806.
>
> https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
> offers this information about that CVE:
>
> Affected versions: > 1.45.x
> Patched versions:   v1.48.0

For completeness: The range of affected versions in the above was
rectified after contacting upstream:

https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de

did introduce the support, which is in v1.24.0.

Regards,
Salvatore

