Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18a22792 by Salvatore Bonaccorso at 2019-10-27T12:51:55Z
Update notes on CVE-2019-17498/libssh2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3179,6 +3179,10 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions,
the SSH_MSG_DISCONNECT l
- libssh2 <unfixed> (bug #943562)
NOTE:
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
+ NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct
string_buf,
+ NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
+ NOTE: libssh2_get_string(), forming part of the fix):
+ NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a
memory le ...)
- boa <removed>
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an
out-of-m ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
