Hi,

On Mon, May 06, 2024 at 12:06:18PM +0200, Sebastian Pipping wrote:
> Earlier today uriparser 0.9.8 has been released. Version 0.9.8 fixes two
> security issues: CVE-2024-34402 and CVE-2024-34403. For more
> details, please check out the change log [1].
>
> If you happen to have patches for uriparser that are still required with
> 0.9.8, please send them my way.
>
> [1] https://github.com/uriparser/uriparser/blob/uriparser-0.9.8/ChangeLog

Let's be including vulnerability information right in here, not only via
reference, so:

* Fixed: [CVE-2024-34402] Protect against integer overflow in
  ComposeQueryEngine (GitHub #183, GitHub #185)
* Fixed: [CVE-2024-34403] Protect against integer overflow in
  ComposeQueryMallocExMm (GitHub #183, GitHub #186)

Thanks,

Alexander