Package "capnproto"
Name: |
capnproto
|
Description: |
tool for working with the Cap'n Proto data interchange format
|
Latest version: |
0.4.0-1ubuntu2.1 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
http://kentonv.github.io/capnproto/ |
Links
Download "capnproto"
Other versions of "capnproto" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
capnproto (0.4.0-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: Integer overflow in pointer validation.
- debian/patches/CVE-2015-2310.patch: fix in src/capnp/layout.c++
- CVE-2015-2310
* SECURITY UPDATE: Integer underflow in pointer validation.
- debian/patches/CVE-2015-2311.patch: fix in src/capnp/layout.c++
- CVE-2015-2311
* SECURITY UPDATE: CPU usage amplification attack.
- debian/patches/CVE-2015-2312.patch: fix in src/capnp/arena.h,
src/capnp/encoding-test.c++ and src/capnp/layout.c++
- CVE-2015-2312
* SECURITY UPDATE: CPU additional CPU amplification case.
- debian/patches/CVE-2015-2313.patch: fix in src/capnp/layout.c++
and src/capnp/encoding-test.c++
- CVE-2015-2313
* SECURITY UPDATE: Prevent compiler from eliding bounds checks.
- debian/patches/CVE-2017-7892.patch: fix in src/capnp/arena.h
- CVE-2017-7892
-- Eduardo Barretto <email address hidden> Mon, 30 Jul 2018 20:00:10 -0300
|
CVE-2015-2310 |
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or p |
CVE-2015-2311 |
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly |
CVE-2015-2312 |
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource con |
CVE-2015-2313 |
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote pe |
CVE-2017-7892 |
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit l |
|
About
-
Send Feedback to @ubuntu_updates