dgit.raspbian.org Git - libuv1.git/commit

author	Dominique Dumont <dod@debian.org>
	Sun, 4 Jul 2021 07:43:38 +0000 (08:43 +0100)
committer	Dominique Dumont <dod@debian.org>
	Sun, 4 Jul 2021 07:43:38 +0000 (08:43 +0100)
commit	ba81b7c1c42715909ec2ba56302fae68847c3e3c
tree	da96225a9f1dfb11de16d11c326c599f63668961	tree \| snapshot
parent	caad73a1e53cf8528f3addf0f83f520c15e7a89f	commit \| diff

Fix CVE-2021-22918

Bug-Debian: https://bugs.debian.org/990561
Forwarded: not-needed
Origin: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829

Snatched from original commit:

Original commit message:

    idna: fix OOB read in punycode decoder

    Reported by Eric Sesterhenn in collaboration with
    Cure53 and ExpressVPN.

Reported-By: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
    PR-URL: https://github.com/libuv/libuv-private/pull/1
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
CVE-ID: CVE-2021-22918
Refs: https://hackerone.com/reports/1209681
PR-URL: nodejs-private/node-private#267
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Gbp-Pq: Name fix-cve-2021-22918

src/idna.c		diff \| blob \| history
test/test-idna.c		diff \| blob \| history
test/test-list.h		diff \| blob \| history