[Git][security-tracker-team/security-tracker][master] Track fixed version for several ndpi issues via unstable

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ec4b81f by Salvatore Bonaccorso at 2020-12-19T11:06:41+01:00
Track fixed version for several ndpi issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39049,28 +39049,28 @@ CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulner
 	NOT-FOR-US: RaspberryTortoise
 CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
 	{DLA-2354-1}
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
 	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4)
 CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
 	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
 CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[buster] - ndpi <not-affected> (Vulnerable code not present)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4)
 CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
 CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4)
 CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[buster] - ndpi <not-affected> (Vulnerable code not present)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4)
@@ -48531,14 +48531,14 @@ CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple
 CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
 	NOT-FOR-US: Open-AudIT
 CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[buster] - ndpi <not-affected> (Introduced in 3.0)
 	[stretch] - ndpi <not-affected> (Introduced in 3.0)
 	[jessie] - ndpi <not-affected> (Introduced in 3.0)
 	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
 CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
-	- ndpi <unfixed> (bug #972050)
+	- ndpi 3.4-1 (bug #972050)
 	[buster] - ndpi <not-affected> (Introduced in 3.0)
 	[stretch] - ndpi <not-affected> (Introduced in 3.0)
 	[jessie] - ndpi <not-affected> (Introduced in 3.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec4b81f6fd6cb8956d117adec836384ed566a05

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec4b81f6fd6cb8956d117adec836384ed566a05
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201219/48414efa/attachment-0001.html>