generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-12 10:33:52 +01:00
Code Issues Projects Releases Wiki Activity

Problem: NEWS for 4.3.1 does not mention CVE number

Browse Source 
Solution: add it now that it's been assigned
This commit is contained in:
Luca Boccassi 2019-01-14 09:54:19 +00:00
parent 2d02597964
commit bfba6e5a36
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -4,8 +4,9 @@
0MQ version 4.3.1 stable, released on 2019/01/12
================================================
* A vulnerability has been found that would allow attackers to direct a peer to
jump to and execute from an address indicated by the attacker.
* CVE-2019-6250: A vulnerability has been found that would allow attackers to
direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.