oss-sec mailing list archives
Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 4 Nov 2016 09:52:32 +0100
On Wed, 2 Nov 2016 11:07:45 +0000 Stuart Henderson <stu () spacehopper org> wrote:
This switches to using libidn2,
[...]
Has anyone poked at it much yet?
I poked a bit. Nothing spectacular, a stac underread (accesses -1 of array), but only in the command line tool: https://gitlab.com/jas/libidn2/commit/3e3742321e7a280874903a7f7ae9bae7852c3415 And a memleak (not committed yet, sent to the maintianer). It's only one function, so it's not too much to test. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson (Nov 02)
- Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host cve-assign (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 04)
- Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Kristian Fiskerstrand (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson (Nov 02)