[Git][security-tracker-team/security-tracker][master] libssh2 fixed in sid

Moritz Muehlenhoff jmm at debian.org
Mon Dec 7 10:28:01 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19726358 by Moritz Muehlenhoff at 2020-12-07T11:27:52+01:00
libssh2 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80463,7 +80463,7 @@ CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Comp
 	NOT-FOR-US: Compal CH7465LG devices
 CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
 	{DLA-1991-1}
-	- libssh2 <unfixed> (low; bug #943562)
+	- libssh2 1.9.0-1 (low; bug #943562)
 	[buster] - libssh2 <no-dsa> (Minor issue)
 	[stretch] - libssh2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
@@ -95014,11 +95014,12 @@ CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 al
 	NOT-FOR-US: MuleSoft Mule
 CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
 	{DLA-1730-3}
-	- libssh2 <unfixed> (bug #932329)
+	- libssh2 1.9.0-1 (bug #932329)
 	[buster] - libssh2 <no-dsa> (Minor issue)
 	[stretch] - libssh2 <no-dsa> (Minor issue)
 	NOTE: https://blog.semmle.com/libssh2-integer-overflow/
 	NOTE: https://github.com/libssh2/libssh2/pull/350
+	NOTE: https://github.com/libssh2/libssh2/pull/350/commits/5929e269990fcf923fc5371b78a63b39c9fa7048
 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
 	- exiv2 0.27.2-6 (low)
 	[buster] - exiv2 <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197263589b2d9851bc17c9e80d8dfcd01e23de18

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197263589b2d9851bc17c9e80d8dfcd01e23de18
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201207/9a0bf8e1/attachment.html>

More information about the debian-security-tracker-commits mailing list