#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Tuesday 19th March 2019 ===
==== Fedora Project ====
 * Updated `libssh2` to 1.8.1 in F-28, F-29, F-30 and Rawhide:
  * Fixed possible integer overflow when reading a specially crafted packet ([[CVE:2019-3855|CVE-2019-3855]])
  * Fixed possible integer overflow in `userauth_keyboard_interactive` with a number of extremely long prompt strings ([[CVE:2019-3863|CVE-2019-3863]])
  * Fixed possible integer overflow if the server sent an extremely large number of keyboard prompts ([[CVE:2019-3856|CVE-2019-3856]])
  * Fixed possible out of bounds read when processing a specially crafted packet ([[CVE:2019-3861|CVE-2019-3861]])
  * Fixed possible integer overflow when receiving a specially crafted exit signal message channel packet ([[CVE:2019-3857|CVE-2019-3857]])
  * Fixed possible out of bounds read when receiving a specially crafted exit status message channel packet ([[CVE:2019-3862|CVE-2019-3862]])
  * Fixed possible zero byte allocation when reading a specially crafted `SFTP` packet ([[CVE:2019-3858|CVE-2019-3858]])
  * Fixed possible out of bounds reads when processing specially crafted `SFTP` packets ([[CVE:2019-3860|CVE-2019-3860]])
  * Fixed possible out of bounds reads in `_libssh2_packet_require(v)` ([[CVE:2019-3859|CVE-2019-3859]])
  . I added a patch to [[https://github.com/libssh2/libssh2/commit/74ecd0e1.patch|fix a mis-applied patch in the fix of CVE-2019-3859]]
 * Updated `perl-Math-Pari` to 2.030510 in F-30 and Rawhide
==== Local Packages ====
 * Updated `libssh2` to 1.8.1 as per the Fedora version
----