Date: Mon, 6 May 2024 12:32:22 +0200
From: Solar Designer
To: oss-security@lists.openwall.com
Message-ID: <20240506103221.GA8492@openwall.com>
Subject: Re: [oss-security] Fwd: uriparser 0.9.8 released, includes security fixes

Hi,

On Mon, May 06, 2024 at 12:06:18PM +0200, Sebastian Pipping wrote:
> Earlier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two
> security issues: CVE-2024-34402 and CVE-2024-34403. For more
> details, please check out the change log [1].
>
> If you happen to have patches for uriparser that are still required with
> 0.9.8, please send them my way.
>
> [1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog

Let's be including vulnerability information right in here, not only via
reference, so:

 * Fixed: [CVE-2024-34402]
     Protect against integer overflow in ComposeQueryEngine
     (GitHub #183, GitHub #185)
 * Fixed: [CVE-2024-34403]
     Protect against integer overflow in ComposeQueryMallocExMm
     (GitHub #183, GitHub #186)

Thanks,

Alexander