git.openwrt.org Git - feed/packages.git/commit

author	Sebastian Kemper <sebastian_ml@gmx.net>
	Tue, 19 Mar 2019 07:48:55 +0000 (08:48 +0100)
committer	Sebastian Kemper <sebastian_ml@gmx.net>
	Tue, 19 Mar 2019 07:48:58 +0000 (08:48 +0100)
commit	59aa52ccdb9e069b0e7b7b608d519bd1f8fe6d24
tree	fbca4fad80bb08046a6a74cc738e4e497f9d96b6	tree \| snapshot
parent	e47fe43ea5ff5ce7dec065a03c476154cee26286	commit \| diff

libssh2: version bump/CVE fixes

- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>