| Package | libidn2 |
|---|---|
| Version | 2.0.5-1+deb10u2 (buster) |
| Related CVEs | CVE-2019-12290 |
It was found that libidn2, a library for internationalized domain names (IDNA2008/TR46), was vulnerable to a domain impersonation attack, where especially crafted domain names could impersonate other domains.
For Debian 10 buster, these problems have been fixed in version 2.0.5-1+deb10u2.
We recommend that you upgrade your libidn2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.