Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96e6f728 by Salvatore Bonaccorso at 2020-03-18T15:07:00+01:00 Revaluate state for CVE-2019-13456/freeradius I cannot say for sure where we got first the respective commits related to CVE-2019-11234 and CVE-2019-11235 but as well the description[1] and the relevant reference to the Red Hat bugzilla[2] shows that this is related to the commit[3]. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13456 [2] https://bugzilla.redhat.com/show_bug.cgi?id=1737663 [3] https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa Contact with MITRE regarding CVE-2019-13456 and CVE-2019-20510 if they are considered on purpose different CVEs. Thanks: Thorsten Alteholz for pointing out this inconsistency. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -43878,14 +43878,11 @@ CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 - otrs2 <not-affected> (Only affects 7.x series) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-11/ CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...) - - freeradius 3.0.17+dfsg-1.1 - [stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default) - [jessie] - freeradius <not-affected> (Vulnerable code added later) + - freeradius 3.0.20+dfsg-1 + [jessie] - freeradius <not-affected> (Vulnerable code introduced later in version 3.0.0) + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa (release_3_0_20) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1737663 NOTE: https://wpa3.mathyvanhoef.com/#new - NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/a99746c93b8b3ae3be367af0e46f0d6a9626f566 (master) - NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x) - NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235 CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...) {DLA-1898-1} - xymon 4.3.29-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96e6f728c485284b319e7b48e270227b61110940 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96e6f728c485284b319e7b48e270227b61110940 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
