idna: fix OOB read in punycode decoder

Resolves: CVE-2021-22918 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2021-07-09 09:27:11 -04:00 · 2021-07-09 09:27:11 -04:00 · d381c0bb14
parent 8a2dc0897d
commit d381c0bb14
3 changed files with 7 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -75,3 +75,4 @@ libuv-v*/
 /libuv-v1.39.0.tar.gz
 /libuv-v1.40.0.tar.gz
 /libuv-v1.41.0.tar.gz
+/libuv-v1.41.1.tar.gz
--- a/libuv.spec
+++ b/libuv.spec
@ -5,7 +5,7 @@

 Name:           libuv
 Epoch:          1
-Version:        1.41.0
+Version:        1.41.1
 Release:        1%{?dist}
 Summary:        Platform layer for node.js

@ -81,6 +81,10 @@ install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3}
 %{_libdir}/%{name}.a

 %changelog
+* Fri Jul 09 2021 Stephen Gallagher <sgallagh@redhat.com> - 1.41.1-1
+- idna: fix OOB read in punycode decoder
+- Resolves: CVE-2021-22918
+
 * Fri Feb 19 2021 Stephen Gallagher <sgallagh@redhat.com> - 1.41.0-1
 - Update to 1.41.0

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libuv-v1.41.0.tar.gz) = 33613fa28e8136507300eba374351774849b6b39aab4e53c997a918d3bc1d1094c6123e0e509535095b14dc5daa885eadb1a67bed46622ad3cc79d62dc817e84
+SHA512 (libuv-v1.41.1.tar.gz) = 2626f3300f7ea144b9db89a84d56674afc3caaf03dcf8afbe070c2631605ead07eb7c10982e3348a3d46865758d10f8be41f74104831ece08635c77103cabb69