buildroot/package/libssh2
Fabrice Fontaine 8d76402ee1 package/libssh2: fix CVE-2019-17498
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-29 17:31:50 +01:00
..
0001-drop-custom-buildconf-script.patch
0002-acinclude.m4-add-mbedtls-to-LIBS.patch
0003-packet-c-improve-message-parsing.patch
Config.in
libssh2.hash
libssh2.mk