[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-20892/net-snmp: reference breaking commit range

Wed, 08 Jul 2020 03:58:53 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65197fa8 by Sylvain Beucler at 2020-07-08T12:56:55+02:00
CVE-2019-20892/net-snmp: reference breaking commit range
as discussed at #963713

- - - - -
85a1b3f8 by Sylvain Beucler at 2020-07-08T12:57:19+02:00
CVE-2019-20892/net-snmp: stretch not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1584,6 +1584,7 @@ CVE-2020-14930 (An issue was discovered in BT CTROMS 
Terminal OS Port Portal CT-
        NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
 CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in 
usm_free_usmStateRefer ...)
        - net-snmp 5.8+dfsg-3 (bug #963713)
+       [stretch] - net-snmp <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
        NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2
@@ -1594,7 +1595,7 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double 
free in usm_free_usmStat
        NOTE: 
https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
        NOTE: Extra patches to address memory leaks:
        NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
-       TODO: It is claimed that the issue does not affect older versions than 
5.8, but no source evidence has been yet shown
+       NOTE: Introduced in 
https://github.com/net-snmp/net-snmp/compare/1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c...e207b8113260fd7d84df0ebdb66925ab70da29b2
 (5.8-dev)
 CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of 
products, has ...)
        NOT-FOR-US: WooCommerce
 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure 
connection aft ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b932f97e2d2f491b00e4ced84ea3d36ff5d6aebc...85a1b3f873f957eb43765c4395cc836651a2d9f7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b932f97e2d2f491b00e4ced84ea3d36ff5d6aebc...85a1b3f873f957eb43765c4395cc836651a2d9f7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to