[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2020-15473 as not affected for stretch

Sat, 22 Aug 2020 03:21:00 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a265fde4 by Thorsten Alteholz at 2020-08-22T12:12:12+02:00
mark CVE-2020-15473 as not affected for stretch

- - - - -
197ae415 by Thorsten Alteholz at 2020-08-22T12:20:09+02:00
claim bind9 and curl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18731,6 +18731,7 @@ CVE-2020-15474 (In nDPI through 3.2, there is a stack 
overflow in extractRDNSequ
        NOTE: 
https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
 CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a 
heap-bas ...)
        - ndpi <unfixed>
+       [stretch] - ndpi <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
 CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a 
heap-based ...)
        - ndpi <unfixed>


=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,8 @@ ark (Abhijith PA)
 asyncpg (Utkarsh Gupta)
   NOTE: 20200815: Minor issue, but easy to fix. (sunweaver)
 --
+bind9 (Thorsten Alteholz)
+--
 cacti
   NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for 
jessie version (abhijith)
   NOTE: 20200620: WIP (abhijith)
@@ -57,6 +59,8 @@ condor
   NOTE: 20200712: Requested input on path forward from [email protected] 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+curl (Thorsten Alteholz)
+--
 eclipse-wtp
 --
 f2fs-tools



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e6019f4b02ecf5e10488f1d01b4c37122dfc6b3...197ae4159e9512e0ca8f1e0c8da90469a833d0da

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e6019f4b02ecf5e10488f1d01b4c37122dfc6b3...197ae4159e9512e0ca8f1e0c8da90469a833d0da
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to