Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/01/08 19:53:15 UTC

[2/6] guacamole-website git commit: Document vulnerability CVE-2017-3158, fixed in 0.9.11-incubating.

Document vulnerability CVE-2017-3158, fixed in 0.9.11-incubating.


Project: http://git-wip-us.apache.org/repos/asf/guacamole-website/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-website/commit/172a5c32
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-website/tree/172a5c32
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-website/diff/172a5c32

Branch: refs/heads/master
Commit: 172a5c32896f56dac0576983cc44046e220f2f7a
Parents: bd823d2
Author: Michael Jumper <mj...@apache.org>
Authored: Sat Jan 6 16:12:48 2018 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Sun Jan 7 19:28:58 2018 -0800

----------------------------------------------------------------------
 _security/CVE-2017-3158.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/172a5c32/_security/CVE-2017-3158.md
----------------------------------------------------------------------
diff --git a/_security/CVE-2017-3158.md b/_security/CVE-2017-3158.md
new file mode 100644
index 0000000..5f28bdb
--- /dev/null
+++ b/_security/CVE-2017-3158.md
@@ -0,0 +1,13 @@
+---
+title: Buffer overflow in SSH/telnet terminal emulator
+cve:   CVE-2017-3158
+fixed: 0.9.11-incubating
+---
+
+A race condition in Guacamole's terminal emulator could allow writes of blocks
+of printed data to overlap. Such overlapping writes could cause packet data to
+be misread as the packet length, resulting in the remaining data being written
+beyond the end of a statically-allocated buffer.
+
+Acknowledgements: We would like to thank Hariprasad Ng for reporting this
+issue.
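Review bot: The advisory body (the paragraph starting "A race condition in Guacamole's terminal emulator") does not say which releases are affected; the only version information is `fixed: 0.9.11-incubating` in the front matter. Consider adding a sentence that gives the affected version range and tells users to upgrade to 0.9.11-incubating. The title names the SSH/telnet terminal emulator, but the body never mentions SSH or telnet and leads with the race condition rather than the overflow, so a clause stating which protocol support is affected would help a reader who triages from the body text alone.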