tag name | libssh-0.9.3 (fae9b7a5eb375b1d2d37d9b939608900683c750b) |
tag date | 2019-12-10 16:05:09 +0100 |
tagged by | Andreas Schneider <asn@cryptomilk.org> |
tagged object | commit 64ce53fdba... |
download | libssh-0.9.3.tar.gz libssh-0.9.3.tar.xz libssh-0.9.3.zip |
---|
libssh-0.9.3
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl3vtDcACgkQfuD8TcwB
Tj3p5BAAinlJsSk0DPGclZCobi5sB2jkbIebXNMfP8A/otnly63SfBwrsy9WoKTP
GnCAQ4ihU8/8Z9g7HHMhT4f58SZ+MIh49twlWQn3PNXIt2n3rQu5rPt/313r/YUs
0LQ9yMPtYqvYs7azIMq+1eUzfJLkRuET7rzTPmolmIjQ/cfjKCID406BPOMYWf3G
JcwBG2/uVifyLAJsA4Vc/t762Q37x+Ugy7MmscxCNNNPaJqH3KSWOUkaBxuehx9l
ywBws3OoGTGLTgci2FM4KY1H3dAplesxYGW0V4769JwaCJ4AIzyairq5J8rLFION
zfSZh6zYao8UCcW0rEXFILdt3KWI4DHibsv2LGrQX2M1PjT9VUiEQhq+P1gPrg57
/oYLmzOYR0pQagFHsOKtpkUbV2MBwogeLOh1EHawDQ2fa9uYax4kfjgdx3H0Xjpu
GFMfInP57qjZsICLU9smLslB1aNBUyk4ihXurGdgmmnHzi4Qc0WdqH/FzxE6MHvI
783ePRHg3emHZwR5Oq4RMQh389Z9V8AEQnyEn9PO+cEr1nMmM6gl1WhwdM7+v9DA
H8Z6LWyPASL+F2lVckGaCCEVMLplT7KVibjyj04Tf7PzYhU1XhXH7/PfmiPHoITu
qM+3hqqVZKiQUo+SY+CGp+1D/Pg+IEudNah4W7dz5MysUx/QDyw=
=E/tJ
-----END PGP SIGNATURE-----