summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhsoting.net>2019-01-12 17:38:42 +0100
committerJörg Frings-Fürst <debian@jff-webhsoting.net>2019-01-12 17:38:42 +0100
commit6ada0507368fa5980bbfbe747480b68c632d7c37 (patch)
tree7b7f82d9ac64641da59e9948883e1289ad7b7f38 /ChangeLog
parenta08fa80b53e2228c96f6f49d0e5040348c57e97f (diff)
parent63b80068976fbc5460c284aef0e6560abcf13e68 (diff)
Update upstream source from tag 'upstream/0.9.1'
Update to upstream version '0.9.1' with Debian dir d61ac191808ad347e1c3732d262d9bd3dfe33000
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog31
1 files changed, 28 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 3a05e7e..420320d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,16 +2,41 @@ NOTE: uriparser is looking for help with a few things:
https://github.com/uriparser/uriparser/labels/help%20wanted
If you can help, please get in touch. Thanks!
+2019-01-02 -- 0.9.1
+
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ * Fixed:
+ Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
+ addresses with embedded IPv4 address, e.g. "//[::44.1";
+ mitigated if passed parameter <afterLast> points to readable memory
+ containing a '\0' byte.
+ Thanks to Joergen Ibsen for the report!
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ * Fixed: When parsing a malformed URI with an IPvFuture address
+ (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first
+ character after "v" than the actual position of the error (here: the end
+ of the string)
+ * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
+ for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
+ * Fixed: Compilation with MinGW
+ Thanks to Sandro Mani for the patch!
+ * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
+ * Improved: For parse errors, waterproof errorPos <= afterLast
+ * Soname: 1:24:0
+
2018-10-27 -- 0.9.0
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
+ * Fixed: [CVE-2018-19198]
+ Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
Commit 864f5d4c127def386dd5cc926ad96934b297f04e
Thanks to Google Autofuzz team for the report!
- * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
+ * Fixed: [CVE-2018-19199]
+ Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
Commit f76275d4a91b28d687250525d3a0c5509bbd666f
Thanks to Google Autofuzz team for the report!
- * Fixed: Protect uriResetUri* against acting on NULL input
+ * Fixed: [CVE-2018-19200]
+ Protect uriResetUri* against acting on NULL input
Commit f58c25069cf4a986fe17a80c5b38687e31feb539
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
* Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code