diff --git a/zeromq.changes b/zeromq.changes index d71bca7..66a613d 100644 --- a/zeromq.changes +++ b/zeromq.changes @@ -17,17 +17,17 @@ Mon Sep 7 16:56:09 UTC 2020 - Adam Majer length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such - that, when unsubscribing, traversal will cause a stack overflow. + that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata - is kept referenced in the PUB object and never freed. + is kept referenced in the PUB object and never freed. (bsc#1176257) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw * Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but - still has an unfinished message, the message is leaked. + still has an unfinished message, the message is leaked. (bsc#1176259) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). 
@@ -35,7 +35,7 @@ Mon Sep 7 16:56:09 UTC 2020 - Adam Majer messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory - is entirely decided by the sender. + is entirely decided by the sender. (bsc#1176256) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
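Review bot: In the first hunk (@@ -17,17 +17,17 @@), the three added references do not follow the order of the entries (bsc#1176258 on the mtrie stack overflow, bsc#1176257 on the PUB memory leak, bsc#1176259 on the client memory leak), and nothing in the diff lets a reader confirm the pairing. Please check each number against the GHSA advisory linked directly below it, since a swapped pair would look identical in review. The reference is also appended to the end of the description sentence rather than to the item's title line. Putting it beside the title would make it easier to find when scanning the changelog for a bug number.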
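Review bot: In the second hunk (@@ -35,7 +35,7 @@), the added "(bsc#1176256)" on the "is entirely decided by the sender." line changes text inside the entry headed "Mon Sep 7 16:56:09 UTC 2020 - Adam Majer", as do the additions in the first hunk. If that entry has already been published, the changelog will not show when the bug references were attached. In that case, consider a new dated entry that lists the four bsc numbers instead of amending the old one. If the entry has not shipped yet, the in-place edit is fine. This item describes a heap overflow with sender-controlled content, so it is the one most likely to be searched for by bug number, and the same point about moving the reference to the title line applies here.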