Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89b10d09 by Anton Gladky at 2021-12-17T20:42:40+01:00
Fix links for CVE-2019-13115 and CVE-2019-17498

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -152922,13 +152922,12 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier 
versions, the SSH_MSG_DISCONNECT l
        [buster] - libssh2 <no-dsa> (Minor issue)
        [stretch] - libssh2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
-       NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
+  NOTE: 
https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/
        NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct 
string_buf,
        NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
        NOTE: libssh2_get_string(), forming part of the fix):
        NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416
        NOTE: Only exploitable with a malicious server
-  NOTE: 
https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/
 CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a 
memory le ...)
        - boa <removed>
 CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an 
out-of-m ...)
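Review bot: in the CVE-2019-17498 entry, the added securitylab.github.com line (`+  NOTE:`) is indented less, as rendered here, than the NOTE lines around it, and it carries the same short indentation as the copy removed from the end of the entry. Suggest giving the added line the same leading whitespace as its neighbours, so the entry stays uniform and the move does not preserve the stray formatting of the old line.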
@@ -167489,7 +167488,7 @@ CVE-2019-13115 (In libssh2 before 1.9.0, 
kex_method_diffie_hellman_group_exchang
        - libssh2 1.9.0-1 (bug #932329)
        [buster] - libssh2 <no-dsa> (Minor issue)
        [stretch] - libssh2 <no-dsa> (Minor issue)
-       NOTE: https://blog.semmle.com/libssh2-integer-overflow/
+       NOTE: https://securitylab.github.com/research/libssh2-integer-overflow/
        NOTE: https://github.com/libssh2/libssh2/pull/350
        NOTE: 
https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server 
to cause ...)
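Review bot: the replaced NOTE in the CVE-2019-13115 entry swaps a blog.semmle.com URL for a securitylab.github.com one, but the commit message ("Fix links ...") does not say why the old host is being dropped. A one-line explanation in the message body would help anyone who later finds other blog.semmle.com references in data/CVE/list and needs to know whether they should be changed the same way.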



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89b10d099ce6ed45b401780bacb8c535471a05d6
