Hi!
Earlier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two
security issues: CVE-2024-34402 and CVE-2024-34403. For more
details, please check out the change log [1].
If you happen to have patches for uriparser that are still required with
0.9.8, please send them my way.
Thanks and best
Sebastian
[1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog
Hi,
On Mon, May 06, 2024 at 12:06:18PM +0200, Sebastian Pipping wrote:
> Earlier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two
> security issues: CVE-2024-34402 and CVE-2024-34403. For more
> details, please check out the change log [1].
>
> If you happen to have patches for uriparser that are still required with
> 0.9.8, please send them my way.
> [1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog
Let's be including vulnerability information right in here, not only via
reference, so:
* Fixed: [CVE-2024-34402]
  Protect against integer overflow in ComposeQueryEngine
  (GitHub #183, GitHub #185)
* Fixed: [CVE-2024-34403]
  Protect against integer overflow in ComposeQueryMallocExMm
  (GitHub #183, GitHub #186)
Thanks,
Alexander