[Git][security-tracker-team/security-tracker][master] CVE-2020-9366/screen: Mark versions prior to 4.7.0 as not-affected
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 25 07:28:44 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb66433d by Salvatore Bonaccorso at 2020-02-25T08:28:30+01:00
CVE-2020-9366/screen: Mark versions prior to 4.7.0 as not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,6 +37,9 @@ CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to
TODO: check
CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
- screen 4.8.0-1 (bug #950896)
+ [buster] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
+ [stretch] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
+ [jessie] - screen <not-affected> (Vulnerable code introduced in v4.7.0)
NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb66433d30052094517dc3f1e28ed6fe0d1d5a6c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb66433d30052094517dc3f1e28ed6fe0d1d5a6c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200225/01329597/attachment.html>
More information about the debian-security-tracker-commits
mailing list