[Git][security-tracker-team/security-tracker][master] 2 commits: Update information for libssh2 issues
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 19 09:19:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98e06c75 by Salvatore Bonaccorso at 2019-03-19T09:18:39Z
Update information for libssh2 issues
- - - - -
77d95ff3 by Salvatore Bonaccorso at 2019-03-19T09:19:00Z
Fix note for reference to upstream information in CVE-2019-3858
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13887,50 +13887,59 @@ CVE-2019-3865
RESERVED
CVE-2019-3864
RESERVED
-CVE-2019-3863
+CVE-2019-3863 [Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes]
RESERVED
- libssh2 <unfixed>
NOTE: https://www.libssh2.org/CVE-2019-3863.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3862
+CVE-2019-3862 [Out-of-bounds memory comparison]
RESERVED
- libssh2 <unfixed>
NOTE: https://libssh2.org/CVE-2019-3862.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3861
+CVE-2019-3861 [Out-of-bounds reads with specially crafted SSH packets]
RESERVED
- libssh2 <unfixed>
NOTE: https://libssh2.org/CVE-2019-3861.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3860
+CVE-2019-3860 [Out-of-bounds reads with specially crafted SFTP packets]
RESERVED
- libssh2 <unfixed>
NOTE: https://libssh2.org/CVE-2019-3860.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3859
+CVE-2019-3859 [Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev`]
RESERVED
- libssh2 <unfixed>
NOTE: https://www.libssh2.org/CVE-2019-3859.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3858
+CVE-2019-3858 [Possible zero-byte allocation leading to an out-of-bounds read]
RESERVED
- libssh2 <unfixed>
- NOTE: ttps://libssh2.org/CVE-2019-3858.html
+ NOTE: https://libssh2.org/CVE-2019-3858.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
NOTE: https://github.com/libssh2/libssh2/pull/316
-CVE-2019-3857
+CVE-2019-3857 [Possible integer overflow leading to zero-byte allocation and out-of-bounds write]
RESERVED
- libssh2 <unfixed>
NOTE: https://www.libssh2.org/CVE-2019-3857.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3856
+CVE-2019-3856 [Possible integer overflow in keyboard interactive handling allows out-of-bounds write]
RESERVED
- libssh2 <unfixed>
NOTE: https://www.libssh2.org/CVE-2019-3856.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
-CVE-2019-3855
+CVE-2019-3855 [Possible integer overflow in transport read allows out-of-bounds write]
RESERVED
- libssh2 <unfixed>
NOTE: https://www.libssh2.org/CVE-2019-3855.html
+ NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3854
RESERVED
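Review bot: The Patch NOTE added under CVE-2019-3859 points at https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch, the same URL that is added under CVE-2019-3860, whereas every other entry in this hunk links the patch file named after its own CVE id. The two entries also reference different upstream pull requests (315 for CVE-2019-3859, 316 for CVE-2019-3860), so this looks like a copy-paste slip; please confirm which patch file upstream publishes for CVE-2019-3859 and correct the NOTE if it differs. Two smaller points: the new description for CVE-2019-3863 spells "authenticate" as "authenicate", and the NOTE lines mix the www.libssh2.org and libssh2.org hosts, so settling on one form would keep the entries consistent.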
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/78d2bcc86ae238e832613703158bbd94efa20b93...77d95ff3f206bc9a7903b098ea70b75c1ddbde6f