generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-01-06 00:31:13 +01:00
Code Issues Projects Releases Wiki Activity

Problem: NEWS for 4.3.1 does not mention CVE number

Browse Source 
Solution: add it now that it's been assigned
This commit is contained in:
Luca Boccassi 2019-01-14 09:54:19 +00:00
parent 2d02597964
commit bfba6e5a36
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -4,8 +4,9 @@
0MQ version 4.3.1 stable, released on 2019/01/12 0MQ version 4.3.1 stable, released on 2019/01/12
================================================ ================================================
* A vulnerability has been found that would allow attackers to direct a peer to * CVE-2019-6250: A vulnerability has been found that would allow attackers to
jump to and execute from an address indicated by the attacker. direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected. This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations. memory to jump to, so measures like ASLR are effective mitigations.