This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug network/22247] Integer overflow in the decode_digit function in puny_decode.c in libidn (CVE-2017-14062)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 23 May 2018 13:28:08 +0000
Subject: [Bug network/22247] Integer overflow in the decode_digit function in puny_decode.c in libidn (CVE-2017-14062)
Auto-submitted: auto-generated
References: <bug-22247-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=22247

--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  7f9f1ecb710eac4d65bb02785ddf288cac098323 (commit)
      from  5f7b841d3aebdccc2baed27cb4b22ddb08cd7c0c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7f9f1ecb710eac4d65bb02785ddf288cac098323

commit 7f9f1ecb710eac4d65bb02785ddf288cac098323
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 23 15:26:19 2018 +0200

    Switch IDNA implementation to libidn2 [BZ #19728] [BZ #19729] [BZ #22247]

    This provides an implementation of the IDNA2008 standard and fixes
    CVE-2016-6261, CVE-2016-6263, CVE-2017-14062.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                            |   64 +
 LICENSES                             |   69 -
 NEWS                                 |   24 +-
 config.h.in                          |    3 -
 include/dlfcn.h                      |    2 +-
 include/idna.h                       |    8 -
 inet/Makefile                        |   12 +-
 inet/Versions                        |    2 +
 inet/getnameinfo.c                   |   56 +-
 inet/idna.c                          |  182 +
 inet/idna_name_classify.c            |   75 +
 inet/net-internal.h                  |   27 +
 inet/tst-idna_name_classify.c        |   73 +
 libidn/Makefile                      |   34 -
 libidn/Versions                      |    6 -
 libidn/gunicomp.h                    |  658 ---
 libidn/gunidecomp.h                  |10362 ----------------------------------
 libidn/iconvme.c                     |  171 -
 libidn/iconvme.h                     |   25 -
 libidn/idn-stub.c                    |  142 -
 libidn/idna.c                        |  834 ---
 libidn/idna.h                        |   96 -
 libidn/nfkc.c                        | 1057 ----
 libidn/profiles.c                    |  308 -
 libidn/punycode.c                    |  454 --
 libidn/punycode.h                    |  214 -
 libidn/rfc3454.c                     | 3544 ------------
 libidn/shlib-versions                |    1 -
 libidn/stringprep.c                  |  668 ---
 libidn/stringprep.h                  |  209 -
 libidn/toutf8.c                      |  150 -
 nscd/gai.c                           |    3 -
 resolv/Makefile                      |   24 +-
 resolv/netdb.h                       |   16 +-
 resolv/tst-no-libidn2.c              |    2 +
 resolv/tst-resolv-ai_idn-common.c    |  569 ++
 resolv/tst-resolv-ai_idn-latin1.c    |   50 +
 resolv/tst-resolv-ai_idn-nolibidn2.c |  151 +
 resolv/tst-resolv-ai_idn.c           |   49 +
 support/support_format_addrinfo.c    |    2 -
 sysdeps/posix/getaddrinfo.c          |   81 +-
 sysdeps/unix/inet/Subdirs            |    1 -
 sysdeps/unix/inet/configure          |    9 -
 sysdeps/unix/inet/configure.ac       |    7 -
 44 files changed, 1351 insertions(+), 19143 deletions(-)
 delete mode 100644 include/idna.h
 create mode 100644 inet/idna.c
 create mode 100644 inet/idna_name_classify.c
 create mode 100644 inet/tst-idna_name_classify.c
 delete mode 100644 libidn/Makefile
 delete mode 100644 libidn/Versions
 delete mode 100644 libidn/gunicomp.h
 delete mode 100644 libidn/gunidecomp.h
 delete mode 100644 libidn/iconvme.c
 delete mode 100644 libidn/iconvme.h
 delete mode 100644 libidn/idn-stub.c
 delete mode 100644 libidn/idna.c
 delete mode 100644 libidn/idna.h
 delete mode 100644 libidn/nfkc.c
 delete mode 100644 libidn/profiles.c
 delete mode 100644 libidn/punycode.c
 delete mode 100644 libidn/punycode.h
 delete mode 100644 libidn/rfc3454.c
 delete mode 100644 libidn/shlib-versions
 delete mode 100644 libidn/stringprep.c
 delete mode 100644 libidn/stringprep.h
 delete mode 100644 libidn/toutf8.c
 create mode 100644 resolv/tst-no-libidn2.c
 create mode 100644 resolv/tst-resolv-ai_idn-common.c
 create mode 100644 resolv/tst-resolv-ai_idn-latin1.c
 create mode 100644 resolv/tst-resolv-ai_idn-nolibidn2.c
 create mode 100644 resolv/tst-resolv-ai_idn.c
 delete mode 100644 sysdeps/unix/inet/configure
 delete mode 100644 sysdeps/unix/inet/configure.ac

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]