<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e">cc378b4b</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-01-16T06:52:53+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Correct status on CVE-2019-12111/miniupnpd for stretch

The copyIPv6IfDifferent helper was only introduce in

https://github.com/miniupnp/miniupnp/commit/3b12b8fb4e64e90a6319ae0aef3c240a44093439

But the CVE is relating to a NULL pointer dereference in

copyIPv6IfDifferent in pcpserver.c due to not checking the src argument.

This is not done as well before the above upstream commit introducing

the helper function, so one can argue that the CVE-2019-12111 applies to

earlier versions as well.

Thanks: Markus Linnala

Fixes: 8888a5e59b0b ("Mark CVE-2019-12111/miniupnpd as not-affected")

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc378b4bb39f03e0e6c9878df9f08a088023805e"}}</script>

</p>

</div>

</body>

</html>