UbuntuUpdates.org

Package "libcapnp-dev"

Name: libcapnp-dev

Description:

Cap'n Proto C++ library (development files)
Latest version: 0.4.0-1ubuntu2.1
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: capnproto
Homepage: http://kentonv.github.io/capnproto/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libcapnp-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libcapnp-dev" in Trusty

Repository Area Version
base universe 0.4.0-1ubuntu2
security universe 0.4.0-1ubuntu2.1

Changelog

Version: 0.4.0-1ubuntu2.1 2018-07-31 20:06:45 UTC

  capnproto (0.4.0-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in pointer validation.
    - debian/patches/CVE-2015-2310.patch: fix in src/capnp/layout.c++
    - CVE-2015-2310

  * SECURITY UPDATE: Integer underflow in pointer validation.
    - debian/patches/CVE-2015-2311.patch: fix in src/capnp/layout.c++
    - CVE-2015-2311

  * SECURITY UPDATE: CPU usage amplification attack.
    - debian/patches/CVE-2015-2312.patch: fix in src/capnp/arena.h,
      src/capnp/encoding-test.c++ and src/capnp/layout.c++
    - CVE-2015-2312

  * SECURITY UPDATE: CPU additional CPU amplification case.
    - debian/patches/CVE-2015-2313.patch: fix in src/capnp/layout.c++
      and src/capnp/encoding-test.c++
    - CVE-2015-2313

  * SECURITY UPDATE: Prevent compiler from eliding bounds checks.
    - debian/patches/CVE-2017-7892.patch: fix in src/capnp/arena.h
    - CVE-2017-7892

 -- Eduardo Barretto <email address hidden> Mon, 30 Jul 2018 20:00:10 -0300
CVE-2015-2310 Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or p
CVE-2015-2311 Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly
CVE-2015-2312 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource con
CVE-2015-2313 Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote pe
CVE-2017-7892 Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit l


About   -   Send Feedback to @ubuntu_updates