#1136088 uriparser: CVE-2026-44927 CVE-2026-44928

Package:
src:uriparser
Source:
src:uriparser
Submitter:
Salvatore Bonaccorso
Date:
2026-05-09 12:11:02 UTC
Severity:
normal
Tags:
#1136088#5
Date:
2026-05-09 12:09:22 UTC
From:
To:
Hi,

The following vulnerabilities were published for uriparser.

CVE-2026-44927[0]:
| In uriparser before 1.0.2, there is pointer difference truncation to
| int in various places.


CVE-2026-44928[1]:
| In uriparser before 1.0.2, the function family EqualsUri can
| misclassify two unequal URIs as equal.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-44927
https://www.cve.org/CVERecord?id=CVE-2026-44927
https://github.com/uriparser/uriparser/pull/304
[1] https://security-tracker.debian.org/tracker/CVE-2026-44928
https://www.cve.org/CVERecord?id=CVE-2026-44928
https://github.com/uriparser/uriparser/pull/305

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore