libuv1 1.44.2-1ubuntu0.1 source package in Ubuntu
Changelog
libuv1 (1.44.2-1ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:37:10 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Mantic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | updates | main | misc | |
| Mantic | security | main | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libuv1_1.44.2.orig.tar.gz | 1.2 MiB | d79b4b06ef04be85fb890bf39d55942cc64c2e15fd14eaa32dae5dce94485484 |
| libuv1_1.44.2-1ubuntu0.1.debian.tar.xz | 21.3 KiB | 494a41df669a6a8e1139b210740e71df799e0187d6d0dcda9b2ba995a3c08f8a |
| libuv1_1.44.2-1ubuntu0.1.dsc | 2.1 KiB | 1e1924d82cfdfe873d976ffbd61cf1fcfe207ed43fadcd1bae2d82a662d00def |
Available diffs
Binary packages built by this source
- libuv1: asynchronous event notification library - runtime library
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
This package includes the dynamic library against which you can link
your program.
- libuv1-dbgsym: debug symbols for libuv1
- libuv1-dev: asynchronous event notification library - development files
Libuv is the asynchronous library behind Node.js. Very similar to libevent or
libev, it provides the main elements for event driven systems: watching and
waiting for availability in a set of sockets, and some other events like timers
or asynchronous messages. However, libuv also comes with some other extras
like:
* files watchers and asynchronous operations
* a portable TCP and UDP API, as well as asynchronous DNS resolution
* processes and threads management, and a portable inter-process
communications mechanism, with pipes and work queues
* a plugins mechanism for loading libraries dynamically
* interface with external libraries that also need to access the I/O.
.
Install this package if you wish to develop your own programs using the
libuv engine.
