Roberto C. Sánchez pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef8e3564 by Roberto C. Sánchez at 2020-02-27T18:31:49-05:00
update notes on CVE-2020-9274/pure-ftpd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -362,8 +362,10 @@ CVE-2020-9275
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized
pointer ...)
- pure-ftpd 1.0.49-4 (bug #952666)
NOTE:
https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
- NOTE: though the CVE description does not specifically say, the issue
seems to be a heap out-of-bounds read
- NOTE: probably not the end of the world, but it is made worse by use of
the rather unsafe strcmp() instead of strncmp() in the vulnerable functions
+ NOTE: though the CVE description does not specifically say, the issue
seems to be an
+ NOTE: out-of-bounds memory read which may result in information
disclosure;
+ NOTE: probably not the end of the world, but it is made worse by use of
the rather
+ NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by
interru ...)
{DSA-4635-1 DLA-2115-1}
- proftpd-dfsg 1.3.6c-1 (bug #951800)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8e356471d8d32e15f7a590d76b91ccfd0af502
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef8e356471d8d32e15f7a590d76b91ccfd0af502
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
