Hi Luca,

My understanding (supported by a simple test and code check) was that
CVE-2014-4329 was fixed in version 1.2.0
https://svn.ntop.org/bugzilla/show_bug.cgi?id=379

However, as Salvatore noticed, it is announced as being fixed in version 1.2.1.

Can you confirm which version fixed it, please?

Thanks,
Ludovico

On Tue, Sep 9, 2014 at 11:06 AM, Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: ntopng
> Severity: grave
> Tags: security upstream fixed-upstream
>
> Hi Ludovico,
>
> Marking this bug report as grave, as more information seems a bit
> scarce, so I was not able to identify the issues. There is an upstream
> report [1] which mentions several fixes were done in ntopng 1.2.1.
>
>  [1] http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/
>
>> Fixes for
>>  - CVE-2014-5464
>
>>  - CVE-2014-4329
>
> Strangely this was marked as fixed in 1.2.0+dfsg1-1 in the security
> tracker at [2]. Is this information correct?
>
>  [2] https://security-tracker.debian.org/tracker/CVE-2014-4329
>
>>  - CVE-2014-5511, CVE-2014-5512, CVE-2014-5513, CVE-2014-5514,
>>    CVE-2014-5515
>
> No information referenced for these in the advisory.
>
> Could you have a look at them and also clarify if CVE-2014-4329
> version information is wrong in the tracker?
>
> Regards,
> Salvatore

