[Whonix-devel] curl security issue? - [SECURITY NOTICE] libidn with bad UTF8 input

francois at avalenn.eu francois at avalenn.eu
Thu Jul 2 14:03:12 CEST 2015


On Wed, Jul 01, 2015 at 08:21:17PM +0000, Patrick Schleizer wrote:
> Are you aware of this already?
> 
> [SECURITY NOTICE] libidn with bad UTF8 input
> 
> http://curl.haxx.se/mail/lib-2015-06/0143.html

Out of curiosity, is it related to
https://security-tracker.debian.org/tracker/CVE-2015-2059 ?

I find the answer to this ticket a bit concise. Indeed it can be
considered as a non-important vulnerability on libidn but it seems to
me that it can trigger several more important in reverse-depends (as
it seems to be the case for curl).

Fran├žois.


More information about the Whonix-devel mailing list