Incoherence in libidn2 vulnerability

Andrea Venturoli ml at netfence.it
Tue Nov 19 07:43:57 UTC 2019

Previous message (by thread): net-snmp crash
Next message (by thread): committer needed for security/vuxml SA entries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

# pkg audit
libidn2-2.2.0 is vulnerable:
         ^^^^^^^^
libidn2 -- roundtrip check vulnerability
CVE: CVE-2019-12290
WWW: 
https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html

Opening the link, I find:
GNU libidn2 *before* 2.2.0 fails...

Which is right?
Is 2.2.0 affected or not?

  bye & Thanks
	av.

Previous message (by thread): net-snmp crash
Next message (by thread): committer needed for security/vuxml SA entries
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the freebsd-ports mailing list