Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2020-01-07 20:26:28 by Benny Siegert | Files touched by this commit (3) | |
Log message:
Pullup ticket #6107 - requested by is
security/libssh: security fix
Revisions pulled up:
- security/libssh/Makefile 1.34
- security/libssh/PLIST 1.15
- security/libssh/distinfo 1.20
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Dec 31 12:27:03 UTC 2019
Modified Files:
pkgsrc/security/libssh: Makefile PLIST distinfo
Log message:
libssh: update to 0.93.
version 0.9.3 (released 2019-12-10)
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
|
Next | Query returned 1 messages, browsing 1 to 10 | previous