libuv1 1.34.2-1ubuntu1.5 source package in Ubuntu
Changelog
libuv1 (1.34.2-1ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
* debian/patches/riscv64-skip-tcp-timeout.patch: skip unstable test on
riscv64 that keeps causing a FTBFS.
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:47 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | main | misc | |
| Focal | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libuv1_1.34.2.orig.tar.gz | 1.2 MiB | 8cfc368fc3eb2412a8972d3f0e600d9fb380ebc293c3b9403290ad00bab2ce3a |
| libuv1_1.34.2-1ubuntu1.5.debian.tar.xz | 25.2 KiB | 8c027ef4e78f56e0882b383a84d4da4cd7c969ca52e1e71cf32c989a90dcd757 |
| libuv1_1.34.2-1ubuntu1.5.dsc | 2.1 KiB | b4376bd9ba30b2b08cf634b685273e30ad426c272e3a4ce1f447cc28ece75a1e |
Available diffs
Binary packages built by this source
- libuv1: asynchronous event notification library - runtime library
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
This package includes the dynamic library against which you can link
your program.
- libuv1-dbgsym: debug symbols for libuv1
- libuv1-dev: asynchronous event notification library - development files
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
Install this package if you wish to develop your own programs using the
libuv engine.
