[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed versions for CVE-2020-10188

Salvatore Bonaccorso Tue, 31 Mar 2020 14:06:16 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
249c1de1 by Salvatore Bonaccorso at 2020-03-31T23:01:50+02:00
Track fixed versions for CVE-2020-10188

snapshot.d.o does not provide all versions, but those are the earlies
avaiable which contain the respective rewrites of the nextitem function
and related changes.

It would have been nice to try to track this down to a specific change
in netkit-telnet/0.17-14 which indicates an appropriate fix present
before the 0.17-18woody2 version.

- - - - -
cffb700a by Salvatore Bonaccorso at 2020-03-31T23:05:36+02:00
Remove netkit-telnet and netkit-telnet-ssl from dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2931,8 +2931,8 @@ CVE-2020-10190 (An issue was discovered in MunkiReport 
before 5.3.0. An authenti
 CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows 
remote code e ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows 
remote attac ...)
-       - netkit-telnet <unfixed> (bug #953477)
-       - netkit-telnet-ssl <unfixed> (bug #953478)
+       - netkit-telnet 0.17-18woody2 (bug #953477)
+       - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
        NOTE: 
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
        NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in 
sctp_load_address ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -23,10 +23,6 @@ mediawiki (jmm)
 --
 mercurial/oldstable
 --
-netkit-telnet
---
-netkit-telnet-ssl
---
 nodejs
 --
 nss/oldstable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/07494345ffa78ffb60a641c5c35ee29ed6f8564a...cffb700ae1b9c498bfaaad461d938cdf888e12e2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/07494345ffa78ffb60a641c5c35ee29ed6f8564a...cffb700ae1b9c498bfaaad461d938cdf888e12e2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed versions for CVE-2020-10188

Reply via email to