Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfd99bdd by Salvatore Bonaccorso at 2020-07-06T17:57:12+02:00
Add extra note for CVE-2019-20892

- - - - -
7ac78dd9 by Salvatore Bonaccorso at 2020-07-06T17:58:19+02:00
Add TODO item for CVE-2019-20892

It has been claimed that the issue does not affect 5.7.3, but this
should be proven first. While it is correct that the poc does not
trigger the issue, we need to find where the issue has been introduced.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1378,6 +1378,9 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double 
free in usm_free_usmStat
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
+       NOTE: Extra patches to address memory leaks:
+       NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
+       TODO: It is claimed that the issue does not affect older versions than 
5.8, but no source evidence has been yet shown
 CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of 
products, has ...)
        NOT-FOR-US: WooCommerce
 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure 
connection aft ...)
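Review bot: the added TODO line says the issue is claimed not to affect "older versions than 5.8", but the commit message for 7ac78dd9 names 5.7.3 specifically, and the CVE description gives the boundary as "before 5.8.1.pre1". The TODO should name the version the claim was actually made about. The commit message also records that the PoC not triggering is not sufficient evidence and that the commit introducing the double free still has to be found; that reasoning is absent from the tracker entry, so a later reader of data/CVE/list cannot see what would close the TODO. A wording such as "TODO: claimed not to affect 5.7.3 (PoC does not trigger); introducing commit still to be identified" would carry it. Minor wording point on the same line: "has been yet shown" should read "has yet been shown".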



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab98a41bad65b3d85d27f91a2ee213a079fc7e2d...7ac78dd934bea5f6ea8bc4a817873672c97e03db
