oss-sec mailing list archives

Re: Fwd: uriparser 0.9.8 released, includes security fixes


From: Solar Designer <solar () openwall com>
Date: Mon, 6 May 2024 12:32:22 +0200

Hi,

On Mon, May 06, 2024 at 12:06:18PM +0200, Sebastian Pipping wrote:
> Earlier today uriparser 0.9.8 has been released.  Version 0.9.8 fixes two
> security issues: CVE-2024-34402 and CVE-2024-34403.  For more
> details, please check out the change log [1].
>
> If you happen to have patches for uriparser that are still required with
> 0.9.8, please send them my way.
>
> [1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog

Let's be including vulnerability information right in here, not only via
reference, so:

  * Fixed: [CVE-2024-34402]
      Protect against integer overflow in ComposeQueryEngine
      (GitHub #183, GitHub #185)
  * Fixed: [CVE-2024-34403]
      Protect against integer overflow in ComposeQueryMallocExMm
      (GitHub #183, GitHub #186)

Thanks,

Alexander

