libuv1 1.46.0-3ubuntu1 source package in Ubuntu
Changelog
libuv1 (1.46.0-3ubuntu1) noble; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:33:50 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Noble
- Original maintainer:
- Ubuntu Developers
- Architectures:
- linux-any hurd-any
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libuv1_1.46.0.orig.tar.gz | 1.3 MiB | cd108b2c6758ac051eabcfc94637fd4d24cdc188d2ac3d2b95fdf2b13c3d8ea7 |
| libuv1_1.46.0-3ubuntu1.debian.tar.xz | 22.3 KiB | 5a0a3daee954fa7f9e53caf2aa345d335eff0154e69ba8fd3024e13056c89d32 |
| libuv1_1.46.0-3ubuntu1.dsc | 2.0 KiB | 8df49f2e684b3925cd782a8de16cba8e6303948c3073aa904f1a168d93486ace |
Available diffs
Binary packages built by this source
- libuv1: No summary available for libuv1 in ubuntu noble.
No description available for libuv1 in ubuntu noble.
- libuv1-dbgsym: No summary available for libuv1-dbgsym in ubuntu noble.
No description available for libuv1-dbgsym in ubuntu noble.
- libuv1-dev: asynchronous event notification library - development files
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
Install this package if you wish to develop your own programs using the
libuv engine.
