Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 31 |
1 files changed, 28 insertions, 3 deletions
@@ -2,16 +2,41 @@ NOTE: uriparser is looking for help with a few things: https://github.com/uriparser/uriparser/labels/help%20wanted If you can help, please get in touch. Thanks! +2019-01-02 -- 0.9.1 + +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: + Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 + addresses with embedded IPv4 address, e.g. "//[::44.1"; + mitigated if passed parameter <afterLast> points to readable memory + containing a '\0' byte. + Thanks to Joergen Ibsen for the report! +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: When parsing a malformed URI with an IPvFuture address + (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first + character after "v" than the actual position of the error (here: the end + of the string) + * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed + for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch! + * Fixed: Compilation with MinGW + Thanks to Sandro Mani for the patch! + * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40) + * Improved: For parse errors, waterproof errorPos <= afterLast + * Soname: 1:24:0 + 2018-10-27 -- 0.9.0 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - * Fixed: Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx* + * Fixed: [CVE-2018-19198] + Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx* Commit 864f5d4c127def386dd5cc926ad96934b297f04e Thanks to Google Autofuzz team for the report! - * Fixed: Detect integer overflow in uriComposeQuery* and uriComposeQueryEx* + * Fixed: [CVE-2018-19199] + Detect integer overflow in uriComposeQuery* and uriComposeQueryEx* Commit f76275d4a91b28d687250525d3a0c5509bbd666f Thanks to Google Autofuzz team for the report! 
- * Fixed: Protect uriResetUri* against acting on NULL input + * Fixed: [CVE-2018-19200] + Protect uriResetUri* against acting on NULL input Commit f58c25069cf4a986fe17a80c5b38687e31feb539 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code |
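Review bot: The new 0.9.1 security entry (out-of-bounds read in uriParse*Ex*) names no fixing commit, while each of the 0.9.0 security entries in the same hunk carries a "Commit <hash>" line; add the commit reference there so the fix can be traced the same way. In the IPvFuture entry, "would point to the first character after "v" than the actual position of the error" is missing "rather" before "than". In the "Improved" entry, "waterproof errorPos <= afterLast" is ambiguous; wording such as "ensure errorPos <= afterLast" says what the change guarantees.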