mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 15:02:01 +08:00
Hirokazu MORIKAWA
aaa46eb44e
idna: fix OOB read in punycode decoder libuv was vulnerable to out-of-bounds reads in the uv__idna_toascii() function which is used to convert strings to ASCII. This is called by the DNS resolution function and can lead to information disclosures or crashes. https://github.com/libuv/libuv/commit/b7466e31e4bee160d82a68fca11b1f61d46debae https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561 https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>