[Git][security-tracker-team/security-tracker][master] CVE-2020-22284/lwip buster not affected

Sat, 18 Nov 2023 09:11:24 -0800 


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db650aba by Tobias Frost at 2023-11-18T18:06:18+01:00
CVE-2020-22284/lwip buster not affected

The vulnerable code is in the 6LowPAN encapsulation for ZEP (ZigBee 
Enxapsulation Protocol),
which as been introduced with commit 43a55003da622851b1c1677c8e7cb75e9430300f,
first seen in tag STABLE-2_1_0_RC1. Buster does not have that feature.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -233657,10 +233657,11 @@ CVE-2020-22285
 CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() 
function of  ...)
        - lwip 2.1.3+dfsg1-1 (bug #991646)
        [bullseye] - lwip 2.1.2+dfsg1-8+deb11u1
-       [buster] - lwip <no-dsa> (Minor issue)
+       [buster] - lwip <not-affected> (vulnerable code is not present)
        NOTE: https://savannah.nongnu.org/bugs/index.php?58554
        NOTE: 
https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b
 (master)
        NOTE: 
https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=379d55044e9181533f1fd4d0e0cf89bc01cb9b8b
 (STABLE-2_1_3_RC1)
+       NOTE: Vulnerable feature introduced with 
https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=43a55003da622851b1c1677c8e7cb75e9430300f
 (first contained in STABLE-2_1_0_RC1)
 CVE-2020-22283 (A buffer overflow vulnerability in the 
icmp6_send_response_with_addrs_ ...)
        - lwip 2.1.3+dfsg1-1 (bug #991645)
        [bullseye] - lwip 2.1.2+dfsg1-8+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db650aba4558a355d1cf9ab82dd2212622b63d78

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db650aba4558a355d1cf9ab82dd2212622b63d78
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to