-
libuv1 (1.34.2-1ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: hostname restriction bypass via truncation
- debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
output in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
in src/idna.c, test/test-idna.c.
- debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
IDNA in test/test-idna.c.
- CVE-2024-24806
* debian/patches/riscv64-skip-tcp-timeout.patch: skip unstable test on
riscv64 that keeps causing a FTBFS.
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:47 -0500
-
libuv1 (1.34.2-1ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-22918.patch: fix OOB read in punycode decoder
src/idna.c, test/test-idna.c, test/test-list.h and
skip test-tcp-writealot in riscv64.
- CVE-2021-22918
* debian/rules: bump timeout multiplier for tests in slow arch and adding
-no-parallel.
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 05 Jul 2021 14:32:59 -0300
-
libuv1 (1.34.2-1ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2020-8252.patch: fix buffer overruns when
processing very long paths in uv_fs_readlink() in src/unix/internal.h.
- CVE-2020-8252
-- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Sep 2020 10:37:02 -0300
-
libuv1 (1.34.2-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Use python2 in the autopkg test.
libuv1 (1.34.2-1) unstable; urgency=medium
* new upstream version
* add override license instructions for "cme udpate"
* update copyright file with cme
* refreshed patches
* update symbols
* control: declare compliance with policy 4.5.0
-- Steve Langasek <email address hidden> Thu, 13 Feb 2020 12:38:11 -0800
-
libuv1 (1.33.1-3ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Use python2 in the autopkg test.
* Dropped changes, included in Debian:
- Make autopkgtests cross-build-friendly.
libuv1 (1.33.1-3) unstable; urgency=medium
* make autopkgtests cross-test-friendly.
Thanks to Steve Langasek for the heads-up and the patch (Closes: #950294)
* no longer install libuv.la file
-- Steve Langasek <email address hidden> Sat, 01 Feb 2020 21:20:24 -0800
-
libuv1 (1.33.1-2ubuntu2) focal; urgency=medium
* Make autopkgtests cross-build-friendly.
-- Steve Langasek <email address hidden> Thu, 30 Jan 2020 16:53:07 -0800
-
libuv1 (1.33.1-2ubuntu1) focal; urgency=medium
* Use python2 in the autopkg test.
-- Matthias Klose <email address hidden> Wed, 22 Jan 2020 08:36:19 +0100
-
libuv1 (1.33.1-2) unstable; urgency=medium
* add patch to disable multicast testsuite which break
Debian builds
-- Dominique Dumont <email address hidden> Thu, 31 Oct 2019 17:49:00 +0100
-
libuv1 (1.30.1-1) unstable; urgency=medium
* new upstream version
* update symbols file
* ignore jpg files when scanning copyright
* updated copyright with cme
* refreshed patches
* control: declare compliance with policy 4.4.0
* control: add libuv1-dev dependency on freebsd-glue [kfreebsd-any].
Thanks to Sebastian Reichel for the hint (Closes: 921424)
-- Dominique Dumont <email address hidden> Fri, 26 Jul 2019 11:03:37 +0200