[Git][security-tracker-team/security-tracker][master] Mark coturn issues as no-dsa for stretch and buster

Salvatore Bonaccorso carnil at debian.org
Sat Feb 22 15:49:07 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
429cb526 by Salvatore Bonaccorso at 2020-02-22T16:48:02+01:00
Mark coturn issues as no-dsa for stretch and buster

The webserver for administration is not started by default (and if
started only listens on localhost by default). Minor impact in any case
thus marking it as no-dsa.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7300,11 +7300,15 @@ CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the un
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
 	- coturn <unfixed>
+	[buster] - coturn <no-dsa> (Minor issue)
+	[stretch] - coturn <no-dsa> (Minor issue)
 	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
 	NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
 CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
 	- coturn <unfixed>
+	[buster] - coturn <no-dsa> (Minor issue)
+	[stretch] - coturn <no-dsa> (Minor issue)
 	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
 	NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/429cb5267d26f16d7ad480289c6396dd7041a677

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/429cb5267d26f16d7ad480289c6396dd7041a677
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200222/15c59bd6/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list