Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9d523229 by Salvatore Bonaccorso at 2021-09-05T08:40:22+02:00 Add noe for CVE-2019-0053/inetutils There was a followup fix for inetutils not directly covered by the CVE which fixed a following infitinte loop causing stack exhaustion, as noted by Adrian Bunk. Link: https://bugs.debian.org/945861#30 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -191593,6 +191593,9 @@ CVE-2019-0053 (Insufficient validation of environment variables in the telnet cl NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc NOTE: https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt NOTE: https://www.openwall.com/lists/oss-security/2018/12/14/8 + NOTE: Additional patch to fix infinite loop causing stack exhaustion (but not + NOTE: directly covered by this CVE applied in inetutils/2:2.2-2): + NOTE: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=0d246b17e51060daac8a26848a8d9e5722fcca24 CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the ...) NOT-FOR-US: Juniper CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d523229c2cca932e15170de5d628ca3314f965b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d523229c2cca932e15170de5d628ca3314f965b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
