Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Nov 2019 08:43:37 +0100
From:      Andrea Venturoli <ml@netfence.it>
To:        freebsd-ports@freebsd.org
Subject:   Incoherence in libidn2 vulnerability
Message-ID:  <fd2c43d2-0668-8afa-9846-ae4b74e60aca@netfence.it>
next in thread | raw e-mail | index | archive | help 
# pkg audit
libidn2-2.2.0 is vulnerable:
         ^^^^^^^^
libidn2 -- roundtrip check vulnerability
CVE: CVE-2019-12290
WWW: 
https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html

Opening the link, I find:
GNU libidn2 *before* 2.2.0 fails...

Which is right?
Is 2.2.0 affected or not?

  bye & Thanks
	av.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fd2c43d2-0668-8afa-9846-ae4b74e60aca>