Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6796123 by Chris Lamb at 2021-07-05T12:13:45+01:00
ndpi is actually not-affected in stretch LTS
(I was inside a sid chroot, not my stretch one.)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -185,6 +185,7 @@ CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has
a stack-based buffer
NOTE:
https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in
processClientServer ...)
- ndpi <unfixed> (bug #990528)
+ [stretch] - ndpi <not-affected> (Vulnerable code added later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
NOTE:
https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
=====================================
data/dla-needed.txt
=====================================
@@ -75,8 +75,6 @@ linux (Ben Hutchings)
--
linux-4.19 (Ben Hutchings)
--
-ndpi (Chris Lamb)
---
nettle (Emilio)
NOTE: 20210628: difficult backport, wip (Emilio)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a679612321f6efc011e300f923f334b3cda0fdf1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a679612321f6efc011e300f923f334b3cda0fdf1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
