Univention Bugzilla – Bug 52904
zeromq3: Multiple issues (4.4)
Last modified: 2021-03-17 14:00:10 CET
New Debian zeromq3 4.2.1-4+deb9u4 fixes: This update addresses the following issues: * Memory leak in client induced by malicious server without CURVE/ZAP (CVE-2021-20234) * Heap overflow when receiving malformed ZMTP v1 packets (CVE-2021-20235)
--- mirror/ftp/4.4/unmaintained/4.4-7/source/zeromq3_4.2.1-4+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/zeromq3_4.2.1-4+deb9u4.dsc @@ -1,3 +1,11 @@ +4.2.1-4+deb9u4 [Tue, 09 Mar 2021 19:45:32 +0100] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2021-20234 + Memory leak in client induced by malicious server without CURVE/ZAP + * CVE-2021-20235 + Heap overflow when receiving malformed ZMTP v1 packets + 4.2.1-4+deb9u3 [Tue, 10 Nov 2020 19:39:03 +0530] Utkarsh Gupta <utkarsh@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-7/#8175432724594385019>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-7] 7238dbaaa8 Bug #52904: zeromq3 4.2.1-4+deb9u4 doc/errata/staging/zeromq3.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x922>