Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 18a22792 by Salvatore Bonaccorso at 2019-10-27T12:51:55Z Update notes on CVE-2019-17498/libssh2 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3179,6 +3179,10 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l - libssh2 <unfixed> (bug #943562) NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ + NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf, + NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and + NOTE: libssh2_get_string(), forming part of the fix): + NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416 CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...) - boa <removed> CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits