pool/zeromq
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add missing bug numbers to changelog

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=75
This commit is contained in:
Adam Majer 2020-10-05 12:37:13 +00:00 committed by Git OBS Bridge
parent 3e3b37d5cc
commit 900467cba6
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
zeromq.changes
View File

@ -17,17 +17,17 @@ Mon Sep 7 16:56:09 UTC 2020 - Adam Majer <adam.majer@suse.de>
length of a subscription topic. Topics are under the control of remote
clients - they can send a subscription to arbitrary length topics. An
attacker can thus cause a server to create an mtrie sufficiently large such
that, when unsubscribing, traversal will cause a stack overflow.
that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258)
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
* Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the metadata
is kept referenced in the PUB object and never freed.
is kept referenced in the PUB object and never freed. (bsc#1176257)
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
* Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
still has an unfinished message, the message is leaked. (bsc#1176259)
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
* Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
@ -35,7 +35,7 @@ Mon Sep 7 16:56:09 UTC 2020 - Adam Majer <adam.majer@suse.de>
messages larger than 8192 bytes, the decoder can be tricked into changing
the recorded size of the 8192 bytes static buffer, which then gets overflown
by the next message. The content that gets written in the overflown memory
is entirely decided by the sender.
is entirely decided by the sender. (bsc#1176256)
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6