[ubuntu/disco-proposed] libssh2 1.8.0-2.1 (Accepted)
Adam Conrad
adconrad at 0c3.net
Wed Apr 3 17:28:09 UTC 2019
libssh2 (1.8.0-2.1) unstable; urgency=high
* Non-maintainer upload.
* Possible integer overflow in transport read allows out-of-bounds write
(CVE-2019-3855) (Closes: #924965)
* Possible integer overflow in keyboard interactive handling allows
out-of-bounds write (CVE-2019-3856) (Closes: #924965)
* Possible integer overflow leading to zero-byte allocation and
out-of-bounds write (CVE-2019-3857) (Closes: #924965)
* Possible zero-byte allocation leading to an out-of-bounds read
(CVE-2019-3858) (Closes: #924965)
* Out-of-bounds reads with specially crafted payloads due to unchecked use
of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
(Closes: #924965)
* Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
* Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
* Fixed misapplied patch for user auth.
* moved MAX size declarations
Date: 2019-04-03 10:31:21.778084+00:00
Signed-By: Adam Conrad <adconrad at 0c3.net>
https://launchpad.net/ubuntu/+source/libssh2/1.8.0-2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list