it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5063-1] uriparser security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5063-1] uriparser security update
Date: Wed, 26 Jan 2022 19:52:52 +0000
List-archive: https://lists.debian.org/msgid-search/E1nCoLc-0007US-9a AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=yQ5txfmRxT2WPdJ+tZj3qnTHruNJkGhMlDCT+piX1Fc=; b=nr iSYBHR0S8U98RAbL2ZdpA9WfGi7mRNXAqsGuncGJKxMgOq1BsSQ6CXqukVeANr5/xjB6ZfzBmDfgQ lvr8PnkMgVG0/zYZZINyGuaLRCMlCy6Xqqj38ZRPtroVd+OJogHehQg3Cv3g3ltVH3sCQF4dwfrPl iJ99TCLpHdLUimwQ9t+6ubWviEQNA6DdBUD/Y7epuuoRyjNX4LN8n8fPn6TcSGIaYBL+IzoiXa9ej xCJBEz27wXWiS/V0XfG2vZtoXtmswF6rqzC3CGKtdmut7r5AkavUeKP09woH+ofqYm82wzSw7U9S7 SmacuwpY3qoah6NvWCPn3609+z5rWX+A==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 26 Jan 2022 19:53:13 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <-yipJSq47TN.A.ajH.paa8hB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5063-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 26, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : uriparser
CVE ID : CVE-2021-46141 CVE-2021-46142

Two vulnerabilities were discovered in uriparser, a library that parses
Uniform Resource Identifiers (URIs), which may result in denial of
service or potentially in the the execution of arbitrary code.

For the oldstable distribution (buster), these problems have been fixed
in version 0.9.1-1+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 0.9.4+dfsg-1+deb11u1.

We recommend that you upgrade your uriparser packages.

For the detailed security status of uriparser please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/uriparser

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHxpfRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SO6w//Sczq6tmtTS6n2CZBBlwi4LJhBmQT2EvqYO1++pJuIHcoQSbTpBAAUXiV
fkpvX2XY/Ib53tHe3OpLcjjDokCQPTVRaZ4gHDn1t+UmgWPWZpcM86eoTpfGOhSu
gzsOP/Bnc56oFh4B/CpPWDj6qbDEFzgQvbxDdP+Ib7aKghvwQrYv3fiCj972+Sn8
/aBYNnyNDNW74shyUOXK4RysI14PdKkgPgiwakZSFDP/DxOf5n009SpJjFVuVooY
FkgmG5yFCuFryA4F0c7zfTGXa40WrBJljSQB8BH9NQygtzR6TA3Qdpk1Jt2wZ8y7
D7Nt9713pwjcI2lo5LGmGrV3wrqwN6PEqFuG9yt5wefo8LNb3VOafYFO+m7YWjEl
LjGkqDAGl33vq2S2ViMKCfpcSN3DgNL3JRGDVHTOruq7/iOVtuwomKwjKJPR/P6j
0Fjh3WlQLv6Xh1KdNn8eQGrwq04oPlfttD4SCVQx0OYtSA5Y437AvrGXn/ayGI8q
VFDd1Q/APP4brnPzoGQ6VBoYIPwNMk3J9Y7cJbBlqzDXORZwP1HmDrtIFjdEZbMe
utQ366atPq9Tck5/DoQi6D0pTmwgaDKgOUqSqQmGUS/D0dDO3ut47JwMD0Ve6FEj
wYShpzIEpRCspAyxSAfJZL46n49GkP/jnYonB/i7CIqMam1uPD0=
=H/LD
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5063-1] uriparser security update, Salvatore Bonaccorso, 26.01.2022

Archiv bereitgestellt durch MHonArc 2.6.24.