Errata overview
Errata ID 240
Date 2016-09-07
Source package libidn
Fixed in version 1.25-2.21.201608291233
This update addresses the following issue(s):
* The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used
  in jabberd2 and other applications, allows context-dependent
  attackers to read system memory and possibly have other unspecified
  impact via invalid UTF-8 characters in a string, which triggers an
  out-of-bounds read (CVE-2015-2059)
* Solve out-of-bounds-read when reading one zero byte as input
* out-of-bounds stack read in idna_to_ascii_4i (CVE-2016-6261)
* stringprep_utf8_nfkc_normalize reject invalid UTF-8 (CVE-2016-6263)
Additional notes
CVE ID CVE-2015-2059
UCS Bug number #39440