libuv1 1.43.0-1ubuntu0.1 source package in Ubuntu
Changelog
libuv1 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:02 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | main | misc | |
| Jammy | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libuv1_1.43.0.orig.tar.gz | 1.2 MiB | 8e9b3d2b722a7e3ad1748d240f8cfd662b1be06c31ed83b5240df8a0e6ba6d9e |
| libuv1_1.43.0-1ubuntu0.1.debian.tar.xz | 21.4 KiB | 6c6c5e8bd110be19da699d4c902537c69f8596f92226c0c9ec6dc5b5f133b685 |
| libuv1_1.43.0-1ubuntu0.1.dsc | 2.1 KiB | 375d4f1c5beeff47b41a678260c57472020cccacaf9b86b4da19d148e68dabae |
Available diffs
Binary packages built by this source
- libuv1: asynchronous event notification library - runtime library
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
This package includes the dynamic library against which you can link
your program.
- libuv1-dbgsym: debug symbols for libuv1
- libuv1-dev: asynchronous event notification library - development files
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
Install this package if you wish to develop your own programs using the
libuv engine.
