libidn2 vulnerability
Wall, Stephen
stephen.wall at redcom.com
Tue Nov 26 13:53:48 UTC 2019
Attempting to build dns/libidn2 in 2019Q4 results in this error:
libidn2-2.2.0 is vulnerable:
libidn2 -- roundtrip check vulnerability
CVE: CVE-2019-12290
WWW: https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html
The cited link says "libidn2 before 2.2.0", as does the CVE. Is 2.2.0 actually vulnerable? Either the vulnerability database needs to be fixed, or version 2.3.0 should be ported from head.
Thanks.
--
Stephen Wall
Senior Staff Software Engineer
585.924.7550
REDCOM Laboratories, Inc.
One Redcom Center
Victor, NY 14564-0995
www.redcom.com
DUNS 09-166-5919 | CAGE 1U548
Woman Owned Small Business
More information about the freebsd-security
mailing list