oss-sec mailing list archives
Re: libuv 1.48.0 released, fixes CVE-2024-24806
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 11 Feb 2024 21:08:43 +0100
Hi, On Thu, Feb 08, 2024 at 12:15:23PM -0800, Alan Coopersmith wrote:
https://github.com/libuv/libuv/releases/tag/v1.48.0 shows the release yesterday of stable release 1.48.0, including a fix for CVE-2024-24806. https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 offers this information about that CVE:Affected versions: > 1.45.x Patched versions: v1.48.0
For completeness: The range of affected version in the above was rectified after contacting upstream: https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de did introduce the support, which is in v1.24.0. Regards, Salvatore
Current thread:
- libuv 1.48.0 released, fixes CVE-2024-24806 Alan Coopersmith (Feb 08)
- Re: libuv 1.48.0 released, fixes CVE-2024-24806 Salvatore Bonaccorso (Feb 11)