[Git][security-tracker-team/security-tracker][master] Update notes on CVE-2019-17498/libssh2
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 27 12:52:41 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18a22792 by Salvatore Bonaccorso at 2019-10-27T12:51:55Z
Update notes on CVE-2019-17498/libssh2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3179,6 +3179,10 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l
- libssh2 <unfixed> (bug #943562)
NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
+ NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf,
+ NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
+ NOTE: libssh2_get_string(), forming part of the fix):
+ NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
- boa <removed>
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a227922360dec6b17b78c2ff96d034fa8d93b0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191027/15107c24/attachment.html>
More information about the debian-security-tracker-commits
mailing list