oss-sec mailing list archives
Re: Fwd: uriparser 0.9.8 released, includes security fixes
From: Solar Designer <solar () openwall com>
Date: Mon, 6 May 2024 12:32:22 +0200
Hi, On Mon, May 06, 2024 at 12:06:18PM +0200, Sebastian Pipping wrote:
Ealier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two security issues: CVE-2024-34402 and CVE-2024-34403. For more details, please check out the change log [1]. If you happen to have patches for uriparser that are still required with 0.9.8, please send them my way.
[1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog
Let's be including vulnerability information right in here, not only via reference, so: * Fixed: [CVE-2024-34402] Protect against integer overflow in ComposeQueryEngine (GitHub #183, GitHub #185) * Fixed: [CVE-2024-34403] Protect against integer overflow in ComposeQueryMallocExMm (GitHub #183, GitHub #186) Thanks, Alexander
Current thread:
- Fwd: uriparser 0.9.8 released, includes security fixes Sebastian Pipping (May 06)
- Re: Fwd: uriparser 0.9.8 released, includes security fixes Solar Designer (May 06)