[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2020-15473 as not affected for stretch

Sat Aug 22 11:20:27 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a265fde4 by Thorsten Alteholz at 2020-08-22T12:12:12+02:00
mark CVE-2020-15473 as not affected for stretch

- - - - -
197ae415 by Thorsten Alteholz at 2020-08-22T12:20:09+02:00
claim bind9 and curl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18731,6 +18731,7 @@ CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequ
 	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
 CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
 	- ndpi <unfixed>
+	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
 CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
 	- ndpi <unfixed>


=====================================
data/dla-needed.txt
=====================================
@@ -32,6 +32,8 @@ ark (Abhijith PA)
 asyncpg (Utkarsh Gupta)
   NOTE: 20200815: Minor issue, but easy to fix. (sunweaver)
 --
+bind9 (Thorsten Alteholz)
+--
 cacti
   NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith)
   NOTE: 20200620: WIP (abhijith)
@@ -57,6 +59,8 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts at l.d.o (roberto)
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+curl (Thorsten Alteholz)
+--
 eclipse-wtp
 --
 f2fs-tools



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e6019f4b02ecf5e10488f1d01b4c37122dfc6b3...197ae4159e9512e0ca8f1e0c8da90469a833d0da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e6019f4b02ecf5e10488f1d01b4c37122dfc6b3...197ae4159e9512e0ca8f1e0c8da90469a833d0da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200822/c4e183d6/attachment-0001.html>
