Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libssh2: version bump/CVE fixes

Browse source 
- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit is contained in:
Sebastian Kemper 2019-03-19 08:48:55 +01:00
parent e47fe43ea5
commit 59aa52ccdb
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libs/libssh2/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libssh2
PKG_VERSION:=1.8.0
PKG_RELEASE:=2
PKG_VERSION:=1.8.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.libssh2.org/download
PKG_HASH:=39f34e2f6835f4b992cafe8625073a88e5a28ba78f83e8099610a7b3af4676d4
PKG_HASH:=40b517f35b1bb869d0075b15125c7a015557f53a5a3a6a8bffb89b69fd70f159
PKG_FIXUP:=autoreconf