Date: Tue, 26 Nov 2019 13:53:44 +0000 From: "Wall, Stephen" <stephen.wall@redcom.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: libidn2 vulnerability Message-ID: <b1cfa58c457745f597071101e84a6f13@redcom.com>
next in thread | raw e-mail | index | archive | help
Attempting to build dns/libidn2 in 2019Q4 results in this error: libidn2-2.2.0 is vulnerable: libidn2 -- roundtrip check vulnerability CVE: CVE-2019-12290 WWW: https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html The cited link says "libidn2 before 2.2.0", as does the CVE. Is 2.2.0 actually vulnerable? Either the vulnerability database needs to be fixed, or version 2.3.0 should be ported from head. Thanks. -- Stephen Wall Senior Staff Software Engineer 585.924.7550 REDCOM Laboratories, Inc. One Redcom Center Victor, NY 14564-0995 www.redcom.com DUNS 09-166-5919 | CAGE 1U548 Woman Owned Small Business
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b1cfa58c457745f597071101e84a6f13>