diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2019-10-27 13:51:55 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-10-27 13:51:55 +0100 |
| commit | 18a227922360dec6b17b78c2ff96d034fa8d93b0 (patch) | |
| tree | f9ce17d716025f81429ec2f42df4ba59581e3c6f /data | |
| parent | 3c2ab73e66e34613804897f2452b83e7f358a328 (diff) | |
Update notes on CVE-2019-17498/libssh2
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 176035d3a9..f75902c083 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3179,6 +3179,10 @@ CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT l - libssh2 <unfixed> (bug #943562) NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/ + NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf, + NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and + NOTE: libssh2_get_string(), forming part of the fix): + NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416 CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...) - boa <removed> CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...) |