Date: Tue, 26 Nov 2019 13:53:44 +0000 From: "Wall, Stephen" <stephen.wall@redcom.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: libidn2 vulnerability Message-ID: <b1cfa58c457745f597071101e84a6f13@redcom.com>
next in thread | raw e-mail | index | archive | help
Attempting to build dns/libidn2 in 2019Q4 results in this error: libidn2-2.2.0 is vulnerable: libidn2 -- roundtrip check vulnerability CVE: CVE-2019-12290 WWW: https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913= .html The cited link says "libidn2 before 2.2.0", as does the CVE. Is 2.2.0 actu= ally vulnerable? Either the vulnerability database needs to be fixed, or v= ersion 2.3.0 should be ported from head. Thanks. --=20 Stephen Wall Senior Staff Software Engineer 585.924.7550 REDCOM Laboratories, Inc. One Redcom Center Victor, NY 14564-0995 www.redcom.com DUNS 09-166-5919 | CAGE 1U548 Woman Owned Small Business
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b1cfa58c457745f597071101e84a6f13>