[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-12695 as no-dsa for buster
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 4 19:57:03 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39e2355c by Salvatore Bonaccorso at 2020-08-04T20:55:15+02:00
Mark CVE-2020-12695 as no-dsa for buster
Furthermore, making UPnP available over the internet poses further
risk on its own, additional to the CallStranger vulnerability. Exposing
UPnP services on untrusted networks can be considered a
misconfiguration.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9492,11 +9492,11 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
- wpa <unfixed>
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
+ [buster] - gupnp <no-dsa> (Minor issue)
NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
- TODO: for gupnp, there are partial fixes, check
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
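Review bot: The removed `TODO: for gupnp, there are partial fixes, check` at the end of the hunk leaves no record of what that check found. The entry keeps `- gupnp 1.2.3-1` and now adds `[buster] - gupnp <no-dsa> (Minor issue)`, but unlike wpa, which has four w1.fi NOTE lines, gupnp has no NOTE pointing at the upstream change or saying whether the fix in 1.2.3-1 is complete or partial. Consider adding a NOTE line for gupnp with the upstream reference, and a second one carrying the rationale from the commit message (exposing UPnP services on untrusted networks is a misconfiguration), because `(Minor issue)` alone does not convey that reasoning to someone reading data/CVE/list later.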
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e2355cf3119934ba37a61ac2c939562e936175