[Git][security-tracker-team/security-tracker][master] Reference upstream tags for several upstream commits for ndpi

Salvatore Bonaccorso carnil at debian.org
Sat Dec 19 10:06:01 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da0d6197 by Salvatore Bonaccorso at 2020-12-19T11:05:49+01:00
Reference upstream tags for several upstream commits for ndpi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39051,29 +39051,29 @@ CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-ba
 	{DLA-2354-1}
 	- ndpi <unfixed> (bug #972050)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
-	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
+	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4)
 CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
 	- ndpi <unfixed> (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
-	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952
+	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
 CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
 	- ndpi <unfixed> (bug #972050)
 	[buster] - ndpi <not-affected> (Vulnerable code not present)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present)
-	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
+	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4)
 CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
 	- ndpi <unfixed> (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
+	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
 CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
 	- ndpi <unfixed> (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
-	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701
+	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4)
 CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
 	- ndpi <unfixed> (bug #972050)
 	[buster] - ndpi <not-affected> (Vulnerable code not present)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present)
-	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
+	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4)
 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
 	NOT-FOR-US: ffjpeg
 CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
@@ -48535,14 +48535,14 @@ CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash
 	[buster] - ndpi <not-affected> (Introduced in 3.0)
 	[stretch] - ndpi <not-affected> (Introduced in 3.0)
 	[jessie] - ndpi <not-affected> (Introduced in 3.0)
-	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
+	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
 CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
 	- ndpi <unfixed> (bug #972050)
 	[buster] - ndpi <not-affected> (Introduced in 3.0)
 	[stretch] - ndpi <not-affected> (Introduced in 3.0)
 	[jessie] - ndpi <not-affected> (Introduced in 3.0)
-	NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202
+	NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (3.4)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
 CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
 	NOT-FOR-US: JetBrains TeamCity



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da0d6197658475e7f6e661ee6e0891e5fcca9670

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da0d6197658475e7f6e661ee6e0891e5fcca9670
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201219/f8836101/attachment.html>

More information about the debian-security-tracker-commits mailing list