git.99rst.org Git - openwrt-packages.git/commit

author	Sebastian Kemper <redacted>
	Tue, 19 Mar 2019 07:28:05 +0000 (08:28 +0100)
committer	Sebastian Kemper <redacted>
	Tue, 19 Mar 2019 07:28:15 +0000 (08:28 +0100)
commit	90d895697a0dd421ed0a85e4a4978d2f072b4d46
tree	fd6e03b92e5ff9bd4314f487e739b2e288979ebc	tree \| snapshot
parent	21acccc48707a51e8510aa1eea331426bfbc2dee	commit \| diff

libssh2: version bump/ CVE fixes

- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <redacted>