Overview
Request 714173 accepted
- New upstream version 4.3.2:
* CVE-2019-13132: a remote, unauthenticated client connecting to a
libzmq application, running with a socket listening with CURVE
encryption/authentication enabled, may cause a stack overflow and
overwrite the stack with arbitrary data, due to a buffer overflow in
the library. Users running public servers with the above configuration
are highly encouraged to upgrade as soon as possible, as there are no
known mitigations. (bsc#1140255)
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
a versioned monitoring events protocol as a parameter. Passing 1 results in
the same behaviour as zmq_socket_monitor.
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
v2 API, which contains the current status of all the queues owned by the
monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
* New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
safe socket.
* New DRAFT (see NEWS for 4.2.0) socket options:
ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
duplicates when using last value caching.
ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
authentication.
- For complete set of changes, see
https://github.com/zeromq/libzmq/releases/tag/v4.3.2
- Created by vitezslav_cizek
- In state accepted
-
Package maintainer:
adamm
Request History
vitezslav_cizek created request
- New upstream version 4.3.2:
* CVE-2019-13132: a remote, unauthenticated client connecting to a
libzmq application, running with a socket listening with CURVE
encryption/authentication enabled, may cause a stack overflow and
overwrite the stack with arbitrary data, due to a buffer overflow in
the library. Users running public servers with the above configuration
are highly encouraged to upgrade as soon as possible, as there are no
known mitigations. (bsc#1140255)
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_versioned API that supports
a versioned monitoring events protocol as a parameter. Passing 1 results in
the same behaviour as zmq_socket_monitor.
* New DRAFT (see NEWS for 4.2.0) zmq_socket_monitor_pipes_stats that triggers
a new ZMQ_EVENT_PIPES_STATS to be delivered via zmq_socket_monitor_versioned
v2 API, which contains the current status of all the queues owned by the
monitored socket. See doc/zmq_socket_monitor_versioned.txt for details.
* New DRAFT (see NEWS for 4.2.0) zmq_poller_fd that returns the FD of a thread
safe socket.
* New DRAFT (see NEWS for 4.2.0) socket options:
ZMQ_XPUB_MANUAL_LAST_VALUE is similar to ZMQ_XPUB_MANUAL but allows to avoid
duplicates when using last value caching.
ZMQ_SOCKS_USERNAME and ZMQ_SOCKS_PASSWORD that implement SOCKS5 proxy
authentication.
- For complete set of changes, see
https://github.com/zeromq/libzmq/releases/tag/v4.3.2
dirkmueller accepted request
