Skip to content

L
libzmq
Unverified Commit e21988d0 authored by Constantin Rack's avatar Constantin Rack Committed by GitHub
Browse files
Options

Merge pull request #3360 from bluca/cve 

Problem: NEWS for 4.3.1 does not mention CVE number
parents 2d025979 bfba6e5a
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
NEWS
View file @ e21988d0
...@@ -4,8 +4,9 @@ ...@@ -4,8 +4,9 @@
0MQ version 4.3.1 stable, released on 2019/01/12 0MQ version 4.3.1 stable, released on 2019/01/12
================================================ ================================================
* A vulnerability has been found that would allow attackers to direct a peer to * CVE-2019-6250: A vulnerability has been found that would allow attackers to
jump to and execute from an address indicated by the attacker. direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected. This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations. memory to jump to, so measures like ASLR are effective mitigations.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment