-
libuv1 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:02 -0500
-
libuv1 (1.43.0-1) unstable; urgency=medium
* new upstream version
* control:
* declare compliance with policy 4.6.0
* remove conflicts on ancient libuv0.10-dev package
* update copyright with cme
* do not install cmake files
* update symbols file
* README.source.org: add quilt pop -a instruction
-- Dominique Dumont <email address hidden> Sat, 15 Jan 2022 18:15:17 +0100
-
libuv1 (1.42.0-1) unstable; urgency=medium
* new upstream version
* update fill.copyright.blanks
* update copyright with cme
* removed patch for CVE (applied upstream)
* refresh patch
* control:
* declare compliance with policy 4.5.1
* use debhelper 13
* set Rules-Requires-Root to no
* watch: watch github and use v4
* rules: remove obsolete dbgsym-migration instructions
* update symbols file
* converted README.source to org-mode
-- Dominique Dumont <email address hidden> Sat, 11 Sep 2021 18:50:00 +0200
-
libuv1 (1.40.0-2ubuntu1) impish; urgency=medium
* debian/patches/lp1939707-build-turn-on-fno-strict-aliasing.patch:
cherry-picked from upstream to fix LTO-related FTBFS. LP: #1939707
-- Simon Chopin <email address hidden> Mon, 06 Sep 2021 10:16:30 +0200